Bogdan TARU wrote:
> I have an unusual question, and hope I'll find the answer on this list. I
> would like to build a redundant structure of firewalls (2 of them), and I
> really don't have any idea on how to do that. What I would like is a
> scheme like:
[ ... picture ... ]
> But the real question is: how do I assign the same IP address to two
> interfaces connected to the same hub(s) or switch(es)? I guess this will
> provide the best redundancy. Any such software? If not, could you describe
> an alternative for it, or point me to some resources?
You want VRRP -- Virtual Router Redundancy Protocol. This
works best with gigabit ethernet cards, which support multiple
MAC addresses. Do a net search on:
FreeBSD VRRP
Unfortunately, the FreeBSD ethernet interface isn't terribly
smart. Ideally, it would provide a virtual interface per VIP,
all the way down to the card; it doesn't.
The typical solution used is to blatantly kludge the multicast
mask in the hardware, and then that leaves the card in a half-baked
"half promiscuous" mode.
-- Terry
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
