From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mohan Sundaram
Date: Fri, 20 Jul 2007 01:44:27 +0000
Subject: Re: [LARTC] Re: gateway failover with linux
Message-Id: <46A010AB.7080501@vsnl.com>
List-Id:
References: <20070719172500.GA25266@toroid.org>
In-Reply-To: <20070719172500.GA25266@toroid.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Abhijit Menon-Sen wrote:
> Hi Grant.
>
> At 2007-07-19 16:15:01 -0500, gtaylor@riverviewtech.net wrote:
>> I'm a bit confused, are you wanting a single Linux firewall /
>> router to have redundant internet connections, or to route
>> traffic to redundant systems behind it and intelligently
>> handle the failure of one or more of said redundant systems?
>
> Neither.
>
> I just want a hot standby for a single Linux firewall, such that clients
> behind it are not affected by a hardware failure on the firewall. If my
> configuration would allow me to someday promote the backup and run both
> firewall machines in a load-balancing configuration, so much the better.
>
> The following example looks very much like what I want:
>
> http://people.netfilter.org/pablo/conntrack-tools/testcase.html
>
> (Can anyone comment on whether I should stick with keepalived as
> described above, or try out ucarp?)
>
>> Will you please clarify what you are really wanting to do per
>> above and I'll be more than happy to try to point you in the
>> right direction.
>
> Thanks, I'd appreciate any advice you can give me.
>
> -- ams

In case your firewall is a proxy for some service, those connections
will fail though - unless you can use a virtual interface with the same
IP as the source for such connections. I guess you'll use vrrp in
conjunction for failover. It would make sense to use vrrpd with status
tracking of WAN gateway but AFAIK no such feature exists as yet.

Mohan