So I was thinking to use tc on the second box to delay the second packet and it should be dropped by the destination (really bad way to do it) but a quick google gives this:

http://parkersamp.com/2010/03/howto-using-linux-as-a-simple-load-balancer-nat-router-firewall/#more-123

That said, idk you can actually do what you want within linux (I'm pretty sure firewall vendors that support this either do it very badly or have custom code)

On Wed, Nov 5, 2014 at 3:40 PM, Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> wrote:
> On 5 November 2014 20:15, Ricardo Klein <klein.rfk@xxxxxxxxx> wrote:
>> Hi there,
>>
>> I need to build a scenario with 2 linux servers (probably CentOS7)
>> acting as active/active firewall servers. What tools should I use?
>> I saw some articles with:
>> - conntrackd + keepalived
>> - conntrackd + corosync + pacemaker
>>
>> But, what is the most used/stable?
>>
>
> I would recommend Debian, corosync + pacemaker.
>
> I guess an active-passive cluster will do the job.
>
> Setting up an active-active firewall cluster is very difficult and
> presents some challenges hard to face (like proper stateful filtering
> in two nodes simultaneously, and a consistent ruleset management
> between nodes of the cluster).
>
> --
> Arturo Borrero González
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html