Michael, thanks for your reply,

I forgot to mention that each one is in a different place, so I wanted to set each local network to use the nearest firewall.

And yes, I will have hardware that can handle the whole network.

But, why not active/active? (sorry for the silly question, if you can just point me to any good source I can read about, it's OK, no need to waste your time with this)

--
Att...
Ricardo Felipe Klein
klein.rfk@xxxxxxxxx

On Wed, Nov 5, 2014 at 5:40 PM, Michael Schwartzkopff <ms@xxxxxxx> wrote:
> On Wednesday, 5 November 2014, 17:15:23 you wrote:
>> Hi there,
>>
>> I need to build a scenario with 2 linux servers (probably CentOS7)
>> acting as active/active firewall servers. What tools should I use?
>> I saw some articles with:
>> - conntrackd + keepalived
>> - conntrackd + corosync + pacemaker
>
> Why? There is no reasonable cause to build an active/active firewall from two
> nodes.
>
> Any single hardware is fast enough to filter the speed of a WAN connection you
> can afford. No need for load balancing.
>
> If one server breaks, the other has to bear the whole load. So you have to
> design your hardware for the whole load.
>
> So please build an active/passive system.
>
> keepalived makes the things very simple. If you have just the firewall, go for
> it. If you want a little bit more, i.e. conntrackd and a squid with
> dependencies amongst all resources, go for pacemaker.
>
>> But, what is the most used/stable?
>>
>>
>> AND, if there is a chance, I have 4 lan networks (each one in a
>> different VLAN) and it should be good if I can set something like
>> "preferred master" to each one for load distribution, because I will
>> run SQUID in those servers too.
>>
>> I just need to know which way to go, so, I can learn the tools and
>> configure it all here.
>
> Kind regards,
>
> Michael Schwartzkopff
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, Amtsgericht München: HRB 199263
> Executive board: Patrick Ben Koetter, Marc Schiffbauer
> Chairman of the supervisory board: Florian Kirstein