Linux Netfilter discussions
 help / color / mirror / Atom feed
* iptables state transfer
@ 2007-06-11 10:55 Martin Schiøtz
  2007-06-11 11:22 ` Petr Pisar
  0 siblings, 1 reply; 5+ messages in thread
From: Martin Schiøtz @ 2007-06-11 10:55 UTC (permalink / raw)
  To: netfilter

Hi

Can iptables do state transfer between two firewalls for failover
purpose. Something like PF sync with PF in BSD.

I want to do NAT with failover.

Best regards,
Martin


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: iptables state transfer
  2007-06-11 10:55 iptables state transfer Martin Schiøtz
@ 2007-06-11 11:22 ` Petr Pisar
  2007-06-11 12:12   ` Martin Schiøtz
  0 siblings, 1 reply; 5+ messages in thread
From: Petr Pisar @ 2007-06-11 11:22 UTC (permalink / raw)
  To: netfilter

On 2007-06-11, Martin Schiøtz <malinux@gmail.com> wrote:
>
> Can iptables do state transfer between two firewalls for failover
> purpose. Something like PF sync with PF in BSD.
>
> I want to do NAT with failover.
>

Try conntrack-tools
http://people.netfilter.org/pablo/conntrack-tools/

-- Petr



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: iptables state transfer
  2007-06-11 11:22 ` Petr Pisar
@ 2007-06-11 12:12   ` Martin Schiøtz
  2007-06-21  0:27     ` Lars Wilke
  0 siblings, 1 reply; 5+ messages in thread
From: Martin Schiøtz @ 2007-06-11 12:12 UTC (permalink / raw)
  To: Petr Pisar; +Cc: netfilter

> > Can iptables do state transfer between two firewalls for failover
> > purpose. Something like PF sync with PF in BSD.
> >
> > I want to do NAT with failover.
> >
>
> Try conntrack-tools
> http://people.netfilter.org/pablo/conntrack-tools/
>

It looks like the right thing - Thanks!

- Martin


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: iptables state transfer
  2007-06-11 12:12   ` Martin Schiøtz
@ 2007-06-21  0:27     ` Lars Wilke
  2007-06-21  1:48       ` Grant Taylor
  0 siblings, 1 reply; 5+ messages in thread
From: Lars Wilke @ 2007-06-21  0:27 UTC (permalink / raw)
  To: netfilter

* Martin Schiøtz wrote:
> > > Can iptables do state transfer between two firewalls for failover
> > > purpose. Something like PF sync with PF in BSD.
> > >
> > > I want to do NAT with failover.
> > >
> >
> > Try conntrack-tools
> > http://people.netfilter.org/pablo/conntrack-tools/

Out of curiosity ...
Is there somethink that can replicate rule changes, too?

thanks

   --lars



^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: iptables state transfer
  2007-06-21  0:27     ` Lars Wilke
@ 2007-06-21  1:48       ` Grant Taylor
  0 siblings, 0 replies; 5+ messages in thread
From: Grant Taylor @ 2007-06-21  1:48 UTC (permalink / raw)
  To: Mail List - Netfilter

On 6/20/2007 7:27 PM, Lars Wilke wrote:
> Is there somethink that can replicate rule changes, too?

This is (was last I read about it) out side of the scope of what 
conntrackd is designed to do.



Grant. . . .


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-06-21  1:48 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-11 10:55 iptables state transfer Martin Schiøtz
2007-06-11 11:22 ` Petr Pisar
2007-06-11 12:12   ` Martin Schiøtz
2007-06-21  0:27     ` Lars Wilke
2007-06-21  1:48       ` Grant Taylor

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox