Solved

Redundant linux firewall's

Posted on 2004-09-17
5
215 Views
Last Modified: 2011-10-03
i have 1 subnet ... 206.245.146.0/25
i want to setup 2 firewall's that are redundant for this ip block... it is our webhosting block... what is the best approach to do this... i am using linux iptables firewall's... i want to setup maby virutal ip's of our hosted ip's, i don't know...
0
Comment
Question by:readingeagle
  • 2
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> .. i want to setup 2 firewall's that are redundant for this ip block.
what do you mean by "redundant"?
0
 

Author Comment

by:readingeagle
Comment Utility
i want 2 firewall's with the same external ip address... like hsrp for cisco... 2 externally differnt ip address's and then many similar virutal ip address's
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
sounds more than a load balancer issue, iptables itself cannot do it
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 500 total points
Comment Utility
The easiest way to do this is probably by using a High availability solution where 1 PC provides the firewall, and in the event of it failing, another PC takes over. This limits the maximum bandwidth to the maximum that 1 PC can cope with. If you are prepared to spend a little more time on the problem then you can look at load balancing.Try looking here:

http://www.ultramonkey.org/

or Redhat's piranha detailed here

http://www.redhat.com/support/wpapers/piranha/x32.html

Which are 'freely' available.

If you want to do this sort of thing on a bigger scale, then you may care to look here:

http://www.high-availability.com/Product/
http://www.openminds.co.uk/high_availability_solutions/
0
 

Author Comment

by:readingeagle
Comment Utility
ultramonkey is really good with fedora core 1... i set this up for network load balancing of my spam/virus mail filters... now i have 2 running in a clustered mode using heartbeat fail over and a firewall rule that forwards my ext ip to 2 internal ip's on a "flip flop" connection... if one of the boxes was to be turned off or die, the other box takes over the ip and then both ip's now reside on one box so the forwading from the firewall never stops...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
IPA password reset issue 6 401
iptables nat port range centos 6.x 21 88
What is Mod Security For WHM and Cpanel 2 86
linux, squid, exchange 14 126
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This video discusses moving either the default database or any database to a new volume.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now