On Fri, 7 Feb 2003, Gabriel Granger wrote:

>
> Haim Ashkenazi wrote:
>
> >> Hi
> >>
> >> I have set up a firewall with 4 legs as follows:
> >> * One leg goes to the router (cisco).
> >> * Second leg goes to a switch connected to the internal network
> >>   (10.20...).
> >> * The third and fourth legs are both for the dmz. One goes to a
> >>   switch with many dmz hosts connected to it, and the other goes
> >>   directly to an isolated dmz host (for which the firewall acts as a
> >>   proxy-arp).
> >>
> >> I've used woody+iptables+shorewall for this setting.
> >>
> >> Now, since the firewall is the most critical host, I want to set up some
> >> kind of failsafe, so even if that host dies all the traffic will go
> >> through another host.
> >>
> >> Since I don't even have an idea where to start, I'll appreciate any
> >> ideas/comments/pointers to documentation, etc...
> >>
> >> thanx

Have a look at the firewalling bridge patches on sourceforge: you can set up
two identical transparent firewalling bridges, a master and a fallback, and
they will use the STP bridging protocol to decide whether the master is
working or whether the replacement should take over. They don't even need to
have an IP number, which makes them extremely hard to break into, and you can
use ebtables to filter non-IP protocols as well.

Bye
Giacomo

--
_________________________________________________________________

Giacomo Mulas <[EMAIL PROTECTED]>
_________________________________________________________________

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248     Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________
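
The master/fallback bridge pair described in the reply above, as an added example that is not part of the original message or of the bridge patches. It assumes `brctl` (bridge-utils), `ip` and `ebtables` are installed; the names `br0`, `eth0`, `eth1` and the priority values 100/200 are hypothetical, and the allow-list of IPv4 and ARP is one possible layer-2 policy.

```shell
#!/bin/sh
# Added example: one script for both boxes, differing only in the role given.
# Assumed names (not from the thread): br0, eth0, eth1, priorities 100 and 200.
BR=br0
PORTS="eth0 eth1"

# STP elects the bridge with the numerically lowest priority as root, so the
# master gets the lower value; the fallback then keeps its redundant port
# blocked until the master's BPDUs stop arriving.
bridge_prio() {
    case "$1" in
        master)   echo 100 ;;
        fallback) echo 200 ;;
        *)        return 1 ;;
    esac
}

# Emit, one per line, the commands that configure this box for the given role.
bridge_plan() {
    prio=$(bridge_prio "$1") || { echo "usage: master|fallback" >&2; return 1; }
    echo "brctl addbr $BR"
    for p in $PORTS; do
        echo "ip link set dev $p up"      # ports are raised without an address
        echo "brctl addif $BR $p"
    done
    echo "brctl stp $BR on"
    echo "brctl setbridgeprio $BR $prio"
    # Layer-2 filter on forwarded frames only: IPv4 and ARP pass, the rest drop.
    echo "ebtables -P FORWARD DROP"
    echo "ebtables -A FORWARD -p IPv4 -j ACCEPT"
    echo "ebtables -A FORWARD -p ARP -j ACCEPT"
    echo "ip link set dev $BR up"         # the bridge itself gets no address either
}

# Print the plan by default; execute it only when APPLY=1 is set (needs root).
run_plan() {
    plan=$(bridge_plan "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

# Stand-alone use: "sh script.sh master" or "sh script.sh fallback".
case "${1:-}" in master|fallback) run_plan "$1" ;; esac
```

Review the printed plan on each box before running it with `APPLY=1`; IP-level filtering of the bridged traffic still belongs to iptables.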