On Mon, Sep 22, 2003 at 09:04:49AM +0200, Marc Hansen wrote: > Hello, > how is it possible to have two firewalls in an HA-Enviroment? only if you do stateless packet filtering and no NAT. > Does somebody have a hint or a link for me? There is an ongoing implementation for conntrack state synchronization, but it's not finished or public yet. For the design paper, please see http://cvs.gnumonks.org/presentation/netfilter-failover-ols2002/netfilter-failover-ols2002.tex?rev=1.1&content-type=text/x-cvsweb-markup > Marc -- - Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
pgp00595.pgp
Description: PGP signature
