On Fri, 2006-01-27 at 11:13, Greg Brown wrote: > Hey all. I think I finally hit a dead-end with M0n0wall. My outer banks > client now requires fail over from the DSL Internet connection to a 2nd ISP, > probably a cable modem. My research indicates that M0n0 doesn't support > this yet. > > What are my options here besides something like a Cisco 2621xm (WAY too > expensive for this client)? Does anyone know of an inexpensive appliance > that they have tested for fail over Internet? Or can a BSD/Linux box be > built for this purpose? > > Greg
My firewalls at work are OpenBSD. I love them... well, I like them a *lot*. Since you use Monowall, you probably aren't used to directly programming a firewall. PF (the firewall in OpenBSD) can be a bit intimidating for the first 10 minutes of learning, but the docs are very good and there are also plenty of examples. CARP is that way as well - very well documented with good examples. So really, if you just want to get something up and running (and don't care about how it all works), then you can get up and running fairly fast. == In your email you talk about using the second firewall for an alternate connection - using a separate ISP vendor. That being the case, CARP really isn't the tool you want. On fail-over you are switching Vendors. So when moving to the secondary firewall you will also be switching the IP range used by the Firewall. Your users sessions will no longer be valid and all current connections will have to be re-established from scratch. That being the case, all you really want is a second firewall - attached to the alternate ISP - and running a fail-over script that will let it take over as the primary firewall.. Most likely you will only need the secondary firewall to take over the internal address of the primary firewall. This lets the internal users continue to browse/access the internet with a minimal amount of fuss. The scripting to do that is very trivial. You can find an example of that here: http://www.trilug.org/~jonc/Failover_scripts/ Good Luck, and I hope you do learn more about OpenBSD and pf! Jon Carnes -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
