[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packet Filter State Synchronisation daemon : pfsyncd



On Thursday 17 April 2003 10:47, Can Erkin Acar wrote:
> The patented idea that VRRP uses (using a single MAC address for all
> routers) is so simple and fundemental that it is difficult to work around.
I thought at redundancy.
This is a handicraft solution:
1) Add a dedicated network interface to the couples of firewall
2) Link them with a crossed cable
3) Use those interfaces for pfsyncd
4) Master box doesn't need special configuration
5) Slave box must use the same IP addresses, adding the "-arp" option inside 
/etc/hostname.*
6) When master go down, pfsyncd or another tool on slave box should launch 
"ifconfig if0 arp" for every valid interface
This should work with hub and switches.
This should work with stealth bridge.
The biggest problem is that of supporting every type of breakdown.
	Ed