Hi,

On Wed, Oct 24, 2007 at 11:20:22AM +0200, [EMAIL PROTECTED] wrote:
> hi everyone
> i have a new task for a hosting provider
> there is a linux firewall filtering internet for all the servers
> (something like 100 servers).
> last week the firewall broke down, cut the internet access to all the servers
> and no alarm cause the nagios was behind the firewall.
> the box had linux iptables and proxy arp.
> 
> 
> ----[internet]---public IP--[linux box]-----all the servers(public ip's)
> 
> the ip of the box, is in the same subnet that the servers
> and all the interfaces on the linux have the same public ip.
> 
> i was thinking at a bridge firewall with openbsd, and maybe carp to be 
> redundant
> but carp is not working with bridge
> maybe pf sync and stp ?
> thank you for your advice on the situation

I know the setup you are talking about.  This is, IMHO, a very handy
feature that Linux provides.  Nonetheless it is not restricted to Linux
and it seems that FreeBSD has a sysctl that achieves the same thing
(according to a quick glance at the source code):
net.link.ether.inet.proxyall.

Linux provides a finer configuration granularity IIRC, since it is
possible to enable/disable it on a per-interface basis.  It is not the
case on FreeBSD.

I hope this will help.
Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
