Interesting, but I don't quite understand how the upstream multihomed link works.
If the AstLinux WAN bridge interface has a static IP and gateway, how is this a failover situation ... unless like you mentioned a VRRP (keepalived) setup. Is the AstLinux static gateway IP ARP'ing to different MACs depending on some magic upstream? All in the same subnet? If "yes" above, then this would indeed be a special case where you would want the WAN to be a bridge interface. Lonnie > On Feb 2, 2022, at 4:04 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> > wrote: > > It's a static address with the gateway address shared on the firewalls as > active and standby. Not sure if they have a virtual address like VRRP but > doesn't make any difference from Astlinux's perspective. > I did some testing and all seemed to work. Its on a Qotom box so I assume > performance should not be an issue. > > Regards > Michael Knill > > On 3/2/22, 9:00 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: > > Hi Michael, > > It would be a special case where you would want the WAN to be a bridge > interface. > > How is the WAN interface's IP address defined? > > I'm not sure how your two WAN trunks are routed to your bridge interface. > > But, if a 2-port ethernet switch would work, so should a 2-interface linux > bridge. > > Lonnie > > > > >> On Feb 2, 2022, at 3:33 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Hi Group >> >> I have set up two ports on my Astlinux box into a bridge and allocated to >> the WAN interface. These ports are connected behind a primary and failover >> Watchguard firewall as a DMZ interface. The LAN interface connects to the >> Voice VLAN making this system a VPN router only for about 70 phones. >> >> Just wanting to know if anyone can see any issues with this architecture as >> I haven’t used bridge interfaces before. >> It just seems better than sticking a switch in between creating another >> single point of failure. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> <image001.png> >> Smarter Business Communications >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
