Hello .*,

Blars Blarson wrote:
> [EMAIL PROTECTED] writes:
> >I have installed and configured a firewall using woody and the
> >standard 2.4.18 kernel that comes with it. I am using iptables.
> >
> >The server has 2 interfaces, and I now have the requirement of setting
> >it up so that the 2 interfaces have the same IP, so in case one of the
> >cards, or associated hardware, goes down then the firewall stays
> >visible.
>
> Using the same IP on multiple interfaces on different segments works
> just fine. (Except dhcpd, which doesn't understand this configuration.)
> Proxy arp routing is used, so no other system needs to know about this.
>
> For backup use, I'd configure them both with the same ethernet address
> and leave one down until it looks like the other has failed. However,
> I wouldn't recommend this configuration, since it adds additional
> possible failures (of the switch code) when the situation being
> allowed for is unlikely. If you are that paranoid, you should have
> duplicate segments throughout your network.

An easy way to do what you are asking for is to put both your
interfaces into a bridge group. Both interfaces will receive a pseudo
Ethernet hardware address, and will be logically available under a new
"br0" (or whatever name you choose for it) virtual Ethernet interface.

You may take a look at this:
http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/

And especially there:
http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/practical-example.html#AEN590

Regards,
J.C.
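
The bridge-group setup suggested above, as an added example that is not part of the original message: a sketch using brctl from bridge-utils that prints its commands unless RUN is set to empty. The names eth0, eth1, br0 and the address 192.0.2.1 are assumptions, as is the premise that both ports reach the same segment.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed names: eth0, eth1, br0;
# 192.0.2.1/255.255.255.0 is a constructed documentation address.
# Dry run by default: commands are printed. Run with RUN="" as root to apply.

run() { ${RUN-echo} "$@"; }

setup_bridge() {
    br=$1; addr=$2; mask=$3
    shift 3
    [ $# -ge 2 ] || { echo "need at least two ports" >&2; return 1; }

    run brctl addbr "$br"
    # Assumption: both ports reach the same segment, which forms a loop.
    # STP keeps one port blocking and unblocks it when the other fails.
    run brctl stp "$br" on
    for port in "$@"; do
        # Bridge ports carry no IP of their own; the address lives on the bridge.
        run ifconfig "$port" 0.0.0.0 up
        run brctl addif "$br" "$port"
    done
    run ifconfig "$br" "$addr" netmask "$mask" up
}

# Traffic delivered through the bridge is seen by iptables on the bridge
# interface, so rules written with -i/-o <port> no longer match.
# stdin: rules in iptables-save format; prints those still naming a port.
stale_rules() {
    pat=
    for port in "$@"; do pat="${pat:+$pat|}$port"; done
    grep -E -- "-[io] ($pat)( |\$)"
}

# Show the plan for the assumed two-port firewall.
setup_bridge br0 192.0.2.1 255.255.255.0 eth0 eth1
```

Feeding the existing ruleset through `stale_rules eth0 eth1` before switching over lists the rules that need to name br0 instead.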

