LinuxQuestions.org
Old 02-26-2007, 04:06 AM   #1
ahmedken
LQ Newbie
 
Registered: Apr 2006
Posts: 8
Blog Entries: 1

Rep: Reputation: 0
How to implement stateful firewall


I have successfully implemented a set of Linux servers to act as an active/standby set of firewalls, using keepalived and VRRP. The problem is that the failover is stateless. Can you tell me how to implement stateful failover?
 
Old 02-26-2007, 04:14 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,406

Rep: Reputation: 1965
it looks like you want to look at the ct_sync module/project.

http://svn.netfilter.org/cgi-bin/vie...EADME?rev=4083
http://gnumonks.org/~laforge/weblog/...ync/index.html
 
Old 03-04-2007, 04:05 AM   #3
ahmedken
LQ Newbie
 
Registered: Apr 2006
Posts: 8
Blog Entries: 1

Original Poster
Rep: Reputation: 0
Up Up Up Up
 
Old 03-04-2007, 04:08 AM   #4
ahmedken
LQ Newbie
 
Registered: Apr 2006
Posts: 8
Blog Entries: 1

Original Poster
Rep: Reputation: 0
I think conntrackd should be implemented, but I have some issues with compiling the kernel and installing conntrackd. I am waiting for your valuable help.
 
Old 03-04-2007, 05:20 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,406

Rep: Reputation: 1965
well, help with what? i've given you projects to look at and you're bumping without responding to them. to my knowledge conntrack is a standard part of iptables, but only relevant to stateful connections within a single netfilter instance. the replication of state tables between machines is actually going to be a separate system which only deals with entries in a data structure, not specifically in a context of tcp connections and such.
 
Old 03-06-2007, 04:30 AM   #6
ahmedken
LQ Newbie
 
Registered: Apr 2006
Posts: 8
Blog Entries: 1

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie
well, help with what? i've given you projects to look at and you're bumping without responding to them. to my knowledge conntrack is a standard part of iptables, but only relevant to stateful connections within a single netfilter instance. the replication of state tables between machines is actually going to be a separate system which only deals with entries in a data structure, not specifically in a context of tcp connections and such.
Please note that conntrackd is used to provide HA for Linux firewalls. http://people.netfilter.org/pablo/conntrackd/
 
  

