Check out KeepAliveD (keepalived.sourceforge.net)- it uses VRRP for failover. It does not, however, provide /stateful/ firewall failover. IIRC, work is (was) being done for Netfilter's own state syncing. On Thu, 2004-06-17 at 15:52, Patrick Ahler wrote: > I am looking for info on creating a redundant gateway/firewall. I > currently have my network setup with 1 working iptables gateway/firewall > and 1 backup gateway. If the first gateway goes down, I change the IP's > and spoof the MAC addresses (I change the external MAC address because > my internal network is masqueraded through the gateway and just > switching the external IP messes with the arp tables on the router... > That's a whole other issue though) on the backup gateway and it takes > over. This is not redundancy and is dirty. Does anyone have any > suggestions on how to do this better? > > Patrick Ahler > Systems Administrator > Vikus Corporation -- Bryan McAninch Network Security Engineer Penson Financial Services, Inc.
