On Sun, May 25, 2003 at 09:45:12PM -0500, g_netfilter@xxxxxxxxxxx spoke thusly:
>Hi friends, I have some boxes running iptables and i works well. But now I
>need to configure a failover solution, please could you give me some links
>to start reading? I need to consider Netfilter/Iptables and FreeSwan in
>the same box and with a failover configuration.
A few things you need to clarify :
a) What are the failover criteria ? Does the other box need to
maintain full state, or can you accept that all connections will
die for the moment, and can be re-established with the new
master server ?
If state is required, iptables2 should contain failover
capability according to some previous posts by Harald. There was
some experimental work being done by someone, in regards to
exporting the entries out (you'll have to check the archives for
details). I'm not sure how you'll get freeswan to play nice
though.
b) If you merely want dumb failover, then google around for VRRP.
But understand the drawbacks in each circumstance.
