[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: redundant firewall with openbsd
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: redundant firewall with openbsd
- From: josh <dorqus_(_at_)_bsdfreek_(_dot_)_com>
- Date: Tue, 28 Aug 2001 16:01:50 -0400
Shriman Gurung wrote...
> How redundant do you want to be? I have a pair of boxes set up
> so that one can assume the identity of the other in about 30 seconds
> (including about 25 seconds for the reboot ;)) but it doesn't
> do anything like on-the-fly state table maintenance or virtualised
> MAC addressing or VRRP or...
How did you set that up? I'm in the midst of building redundant
firewalls for my company, I was just going to write a simple
shell script which renumbured the spare box as the live box and rebooted
it (you'd power off the old box first).
The ipf/ipnat.rules files would be copied over anytime they are
changed, but something more automatic would be a lot nicer.
"Unix is very simple, but it takes a genius to understand the
simplicity." - Dennis Ritchie
Visit your host, monkey.org