[Shorewall-users] redundant firewalling

David T Hollis dhollis at davehollis.com
Tue Dec 16 07:40:42 PST 2003


On Mon, 2003-12-15 at 19:13, Nik Engel wrote:
> Hi all ! 
> 
> I want to set up shorewall in a redundant firewall scenario. I have two
> identical servers equipped with 3 nics each. Both are running shorewall
> and have an identical setup. On both systems Debian Woody is
> installed. Has anybody experience with a redundant scenario? I have read
> about vrrp which can provide a protocol for this application. 
> 
> any help appreciated ... 
> 
> thanks 
> Nik 
>  
Look at keepalived (http://keepalived.sourceforge.net/) to handle VRRP
and basic system monitoring.  You could easily set up a redundant
Shorewall installation with that to handle the IP portion and some
simple scripts to ensure that the configs remained consistent.  What you
will not have is stateful failover so all of your big FTPs or HTTP
downloads will be dropped, etc.  This is not a Shorewall limitation,
rather a netfilter limitation.
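
The "simple scripts to ensure that the configs remained consistent" mentioned in the reply could take the following form. This is an added example, not part of the original post and not code from Shorewall or keepalived; the function names, the staging-directory approach and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: detect Shorewall config drift between the two VRRP nodes.
# Assumption: the peer's /etc/shorewall was already copied to a local
# staging directory (for instance by rsync over SSH) before this runs.

# One "sha256  ./relative/path" line per file in the tree.
config_manifest() {
    ( cd "$1" 2>/dev/null || exit 1
      find . -type f -exec sha256sum {} + )
}

# Paths whose content differs or that exist on only one node.
# Lines present in both manifests occur twice and are dropped by uniq -u.
drifted_files() {
    { config_manifest "$1"; config_manifest "$2"; } \
        | LC_ALL=C sort | uniq -u \
        | sed 's/^[0-9a-f]*  //' | LC_ALL=C sort -u
}

# Exit status: 0 = in sync, 1 = drift (paths printed), 2 = directory missing.
check_sync() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    drift=$(drifted_files "$1" "$2")
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample: two config trees that differ in one rule.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/fw1" "$tmp/fw2"
    for n in fw1 fw2; do
        printf 'net eth0 detect\nloc eth1 detect\ndmz eth2 detect\n' \
            > "$tmp/$n/interfaces"
        printf 'ACCEPT loc net tcp 80\n' > "$tmp/$n/rules"
    done
    # Change made on one node only.
    printf 'ACCEPT net dmz tcp 22\n' >> "$tmp/fw2/rules"
    check_sync "$tmp/fw1" "$tmp/fw2"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "drift detected: the standby would enforce a different policy"
```

A non-zero status from `check_sync` means a failover would switch traffic to a node enforcing a different rule set, so it is worth alerting on before the VRRP address ever moves.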


