On Fri, 14 Apr 2006, octane indice wrote:
I first want a firewall with failover. _Then_ if it works,
I would add director on top of it.
The question is: is the sync daemon helpful to me
to synchronize the firewalls' state or not?

Not helpful. The synch state daemon only keeps track of the
ipvs controlled connections, not the firewall state.
Running a firewall on the director with failover is a
fairly normal operation now. It doesn't use carp/pfsync.

But when the master fails, every connection tracked
by the firewall is lost. I want to avoid that.

Ah. I see. Yes this is a problem. I had assumed this was
solved a long time ago (scratching head....) I now remember
Harald Welte talking about writing this at an OLS a few
years back, but he hadn't found sponsorship to do it and was
putting it off. A quick search of Harald's web pages just
now with Google doesn't turn up anything likely.
This is most unfortunate.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!