From: Sean Chittenden (seanchittenden.org)
Date: Fri Oct 05 2001 - 00:52:24 CDT

    Few things:

    1) ipfilter 4 is supposed to do this, but isn't out yet
    2) Wackamole will handle the failover of a virtual IP.

    http://www.backhand.org/wackamole/

    You could use that with ipfilter/ipfw and you'd be pretty good
    to go. If you used a state table on either you'd lose your established
    connections, but you'd at least be redundant. How's that sound? -sc

    > > At 10:06 PM 10/4/2001 -0400, Sean Lutner wrote:
    > > >Hello...
    > > >I've recently been tasked with coming up with a redundant/failover
    > > >firewall solution to replace our managed firewalls. The goal is to have
    > > >more control, and spend less money. So, after some research I decided
    > > >FreeBSD with ipfw and vrrp would do the trick. I set out to install and
    > > >configure everything. I noticed when trying to install vrrp from ports
    > > >that it's been tagged forbidden, and confirmed this after searching the
    > > >-security archives. The problem I'm running into is this. I grabbed the
    > > >code that /usr/ports/net/vrrp would have, and built it, but the
    > > >implementation has some problems. Once failed over (slave taking over for
    > > >master), it does not fail back without intervention. If you down an
    > > >interface with a vrid on it, somehow the vip stays in the interface
    > > >causing problems. My basic question is this. Is there anyone else out
    > > >there running redundant/failover firewalls using freebsd? If so, what are
    > > >you running? I found one other piece of software at http://linux-ha.org that
    > > >said would build on freebsd, but no such luck. If anyone has any
    > > >ideas, pointers, products, or thwaps in the right direction, I'd
    > > >appreciate them.
    > > >
    > > >Thanks
    > > >
    > > >Sean
    > > >
    > > >--
    > > >Sean Lutner | www: http://www.rentul.net
    > > >e-mail: seanrentul.net | gpg: http://www.rentul.net/sean.sig
    > > >
    > > >"Imagination is more important than knowledge." -- Albert Einstein
    > > >
    > > >To Unsubscribe: send mail to majordomoFreeBSD.org
    > > >with "unsubscribe freebsd-security" in the body of the message
    > >
    > > --------------------------------------------------------------------
    > > Mike Tancsa, tel +1 519 651 3400
    > > Sentex Communications, mikesentex.net
    > > Providing Internet since 1994 www.sentex.net
    > > Cambridge, Ontario Canada www.sentex.net/mike
    > >
    >
    > --
    > Sean Lutner | www: http://www.rentul.net
    > e-mail: seanrentul.net | gpg: http://www.rentul.net/sean.sig
    >
    > "Imagination is more important than knowledge." -- Albert Einstein

    -- 
    Sean Chittenden
    
