Redundant firewall

Linux Advanced Routing and Traffic Control

Hi,

I hope this is not OT. I searched through the archives but didn't find anything really answering my question.

I want to create a cluster of two firewalls with Linux-HA so that if the primary fails, the secondary firewall will take over. Note that I don't care about syncing states between firewalls; they will just have to reconnect :)

It's a typical configuration:

                   _______FW1_______
                  /        |        \
INTERNET--ROUTER--<         |HB       >--SERVER
                  \_______ | _______/
                          FW2

HB is the heartbeat between the two firewalls.

The default gateway of SERVER will be the IP address of the cluster of firewalls. So SERVER->INTERNET will always go through the right FW.

But I'm concerned about INTERNET->SERVER (public IP).

My question is: will enabling proxy_arp on the active firewall and disabling it on the inactive one be enough to route the traffic through the correct (active) firewall?

Thanks

Sébastien
--

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

