HA-Firewall

Kevin Dwyer kevin@pheared.net
Thu, 20 Feb 2003 09:42:42 -0500


On Sun, 09 Feb 2003 22:46:53 +0000
"syn uw" <syn_uw@hotmail.com> wrote:

> Hello,
> 
> Is it possible to create a HA-Firewall using Heartbeat? I am asking
> myself this because I see the following problems:
> 
> - I have one single public IP address which I can use for my firewall,

This is still going to be a problem.  You won't be able to effectively
determine the status of the external interfaces with the current code
(but you could do it if you or somebody else modified ipfail to work
with the MII readings from the NICs, even though that won't tell you if
the network is borked, just whether the card has link or not).

If HighAvailability is that important to you, I'd say you should invest
in the extra static IPs necessary to pull this off.

> - I am using OpenBSD 3.2/i386 as firewall, does Heartbeat compile/run
> on OpenBSD?

I've done some minor work on getting it to run on OpenBSD, but haven't
had much time to devote to it.  I think it still needs some
modifications.


-- 
/* kevin@pheared.net               http://pheared.net/devel/ */
/* Network Security Engineer       http://pheared.net/~kevin */
/* Sabotage will set us free.   Throw a rock in the machine. */
/*   >++++++++++[<++++++++++>-]<.+++++.----.[-]++++++++++.   */