I've made a text diagram of the setup I'm trying to get going.
I've got two switches (one level 3, another level 2, both
vlan-capable):

switch1(85.10.225.0/24)
ports 0 1 2 3 4 5 6 7 8 9 a b c d e f 
      | |   |   |       x
gw----+ |   |   |       x
        fw1 fw2 h       x
        |   |   |       x
        |   |   |       x
ports 0 1 2 3 4 5 6 7 8 9 a b c d e f
switch2(10.0.0.0/24)

gw is gateway, fw1/fw2 are the firewall cluster, h is a host,
| means connected, x facultative connect (the cable is there but
the port is disabled).

Ordinarily, the firewalls are not active. When I want to make
a cluster, I define a port-based vlan on switch1 with ports 0,1,3
and a port-based vlan on switch2 with ports 1,3,5.

I need to make a 1:1 NAT for each private (10.0.0.x) address
from the public virtual IP address (85.10.225.x).

Would this work? Is there a simpler way?

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
