If you do not limit yourself to Linux, you can easily use PF (pf+pfsync+CARP) to do the job. http://www.openbsd.org/faq/pf/carp.html
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:linux-il-[EMAIL PROTECTED] On Behalf Of Amos Shapira
> Sent: Tuesday, May 01, 2007 5:39 AM
> To: Linux-IL
> Subject: Linux firewall failover
>
> Hello,
>
> I'm looking at an option to deploy a couple of Linux boxes as our main
> router for HA (after the power supply of our SonicWall fried itself on
> the night of a non-working day). This morning I thought it would be neat
> if the standby firewall node could replicate the connection tracking
> info from the primary node and a quick search shows that a couple of
> people have already beaten me to it - enter conntrackd (
> http://people.netfilter.org/pablo/conntrackd/, announcement in
> http://lists.netfilter.org/pipermail/netfilter-devel/2006-May/024548.html
> ) and ctsyncd (blog in
> http://gnumonks.org/~laforge/weblog/linux/netfilter/ct_sync/, SVN in
> https://svn.netfilter.org/netfilter/trunk/netfilter-ha/ct_sync/ )
>
> conntrackd came later but seems to be more active and feature complete
> than ctsyncd (e.g. using both firewall nodes at once to double the
> bandwidth), it's not packaged for Debian yet (it's in some ITP list and
> Debian already has "conntrack") and appears to be still in experimental
> state.
>
> Does anyone here have experience with anything like this?
>
> Cheers,
>
> --Amos