On Tuesday 17 April 2007 18:45:01 Ashley M. Kirchner wrote: > Hi Folks, > > I'm looking for suggestions on how to create a failover setup at the > office. At the moment I have a single FC6 machine that acts as our > firewall. It uses iptables to allow inside (private network) traffic to > get out (to the internet) and vice versa. The problem is, if this > system were to go down in the middle of the night, I won't know about it > till the morning and there are workers that come in early in the morning > and can't get any work done because they have no connection. > > So, if I setup a second machine to be a failover system, how do I > actually get that accomplished? Network needs to be re-routed somehow > when the primary goes down. > > The current layout is, seen from the outside: > > INTERNET ---> CSU/DSU ---> FC6 Firewall ---> HP ProCurve Switch > > The ProCurve switch serves our local network (with private [static] > IPs) The firewall is multihomed with one public ethernet and a private > one. > Well, an aproach could be setting up a machine where LVS and Keepalived would be installed BEFORE the FC6 machine and of course, you would need two machines acting as a firewall (if I'm correct, this machine also acts a router). Bear in mind if you want any failover system you would need two machines, one as a setup, of course, if not, there's no way to build a proper HA enviroment. Cheers -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
