Hello people, I'm looking for a way to keep 2 firewalls (shorewall obviously) in failover.
There is a mention of this in the FAQ, but the link supplied is not valid any more:

(FAQ 65) How do I accomplish failover with Shorewall?
Answer: This article by Paul Gear <http://linuxman.wikispaces.com/Clustering+Shorewall> should help you get started.

I did not find any other info which I could use (or comprehend), so in the absence of this, I was thinking of scripting it like this:

1. FW1 is active and brandishes a special private IP on an isolated VLAN.
2. FW2 keeps all interfaces down except the one in the same VLAN, as long as it can spot said IP. Shorewall is not running yet on FW2.
3. FW1 loses connectivity, and thus FW2 'notices' the missing IP for a specified delay.
4. FW2 then switches versions of its interface file (mv /etc/interfaces to /etc/interfaces.monit & cp /etc/interfaces.full to /etc/interfaces) + networking restart + shorewall start.
5. For good measure, FW2 kills the PID of the FW1 VM by means of a second isolated VLAN, only active on the hypervisor & FW2 after the networking restart, so as to avoid any duplicate IPs should FW1 still linger or have resurrected itself.

Suggestions or comments are highly appreciated.

Kind regards,
Jord Wegge
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
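As an added example (not part of the post above and not Shorewall's own code), the following POSIX sh sketch implements the takeover sequence the post describes: FW2 probes the heartbeat IP on the isolated VLAN, counts consecutive misses, and after a configurable number of them swaps the interfaces file, fences FW1 and starts Shorewall. The heartbeat IP, interface names, the Debian-style /etc/network/interfaces path, the FENCE_CMD hook and the /run state directory are all assumptions; the decision logic is kept in side-effect-free functions (should_takeover, next_misses, replay) so the miss threshold can be checked against a recorded probe history without touching the network.

```shell
#!/bin/sh
# Added example: heartbeat watcher for FW2 (hypothetical; not from the post or Shorewall).
# Every path, address and interface name below is an assumption to be adjusted.

HEARTBEAT_IP="${HEARTBEAT_IP:-10.255.255.1}"    # assumed: private IP FW1 brandishes on the isolated VLAN
HEARTBEAT_IF="${HEARTBEAT_IF:-eth2}"            # assumed: FW2's interface on that VLAN
FENCE_IF="${FENCE_IF:-eth3}"                    # assumed: FW2's interface on the second (fencing) VLAN
FENCE_CMD="${FENCE_CMD:-}"                      # assumed: command that kills the FW1 VM via the fencing VLAN; empty = no fencing
MISS_LIMIT="${MISS_LIMIT:-5}"                   # consecutive missed probes before takeover (the "specified delay")
INTERVAL="${INTERVAL:-2}"                       # seconds between probes
IFACES="${IFACES:-/etc/network/interfaces}"     # assumed: Debian/ifupdown interfaces file
STATE_DIR="${STATE_DIR:-/run/fw-failover}"

# Pure decision logic: take over (return 0) once MISS_LIMIT consecutive misses are seen.
should_takeover() {
    [ "$1" -ge "$2" ]
}

# Next consecutive-miss count given whether the heartbeat answered ("yes"/"no").
# One successful reply resets the counter, so flapping never accumulates.
next_misses() {
    if [ "$1" = yes ]; then echo 0; else echo $(($2 + 1)); fi
}

# Replay a recorded probe history through the decision logic and print the
# 1-based probe index at which takeover would fire, or "none".
replay() {
    limit=$1; shift
    misses=0; i=0
    for r in "$@"; do
        i=$((i + 1))
        misses=$(next_misses "$r" "$misses")
        if should_takeover "$misses" "$limit"; then echo "$i"; return 0; fi
    done
    echo none
}

heartbeat_alive() {
    ping -c 1 -W 1 -I "$HEARTBEAT_IF" "$HEARTBEAT_IP" >/dev/null 2>&1
}

takeover() {
    mkdir -p "$STATE_DIR"
    [ -e "$STATE_DIR/active" ] && return 0      # idempotency guard: run the sequence exactly once
    mv "$IFACES" "$IFACES.monit"                # swap to the full interface definitions
    cp "$IFACES.full" "$IFACES"
    # Bring up only the fencing VLAN first and kill FW1 before claiming any shared
    # address; if fencing fails, stop here rather than risk duplicate IPs.
    if [ -n "$FENCE_CMD" ]; then
        ifup "$FENCE_IF"
        sh -c "$FENCE_CMD" || { logger -t fw-failover "fencing failed, not taking over"; return 1; }
    fi
    ifup -a                                     # already-configured interfaces (heartbeat) are left alone
    shorewall start
    touch "$STATE_DIR/active"
    logger -t fw-failover "takeover complete"
}

monitor() {
    misses=0
    while :; do
        if heartbeat_alive; then alive=yes; else alive=no; fi
        misses=$(next_misses "$alive" "$misses")
        if should_takeover "$misses" "$MISS_LIMIT"; then takeover && break; fi
        sleep "$INTERVAL"
    done
}

# Only loop when invoked as `fw-failover.sh run`, so the functions can be sourced and tested.
case "${1:-}" in
    run) monitor ;;
esac
```

Two points worth keeping in mind with this layout: the heartbeat only proves that FW2 can reach FW1 on the isolated VLAN, so a failure of that VLAN alone makes FW2 take over while FW1 is still serving, and only a successful fence stops the two from claiming the same addresses; hence the fence runs before the remaining interfaces come up, and the script gives up if the fence fails. Using ifup on the swapped file rather than a full networking restart also avoids tearing down the heartbeat interface FW2 is already using.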