Old 05-20-2005, 11:44 AM   #1
RJ76
LQ Newbie
 
Registered: Sep 2004
Location: UK
Distribution: RHEL 4; RHEL 5; CentOS 4; Slackware 10.2
Posts: 28

Rep: Reputation: 15
High availability firewall using IPTables


I am soon installing a Linux-based firewall box to protect a bunch of Windows IIS and database servers (bespoke application) on a private network behind it. The firewall itself will perform NAT/Masquerading and port forwarding, which is all fine; that part is straightforward.

However, what I would like to do is make this firewall highly available and fault tolerant. So I'm thinking of adding a second, similar Linux box with a similar IPTables ruleset which I would like to set up in a cluster, so that if one box fails (falls over, some bumbling idiot kicks the power cable out, hardware fault, etc.) then the other one will still be available to take over for subsequent connections.

I'm not too bothered about maintaining current connections, as I don't even know if that is possible when a failover happens, just as long as the second firewall will take over and handle all subsequent new connections after the first fails. I don't need any form of load balancing on these boxes.

My question is, what is the best way to accomplish this? I've been looking at heartbeat on linux-ha.org and I'm unsure if this will work with IPTables. It works with services that you can send a start command to, such as httpd, smbd etc., but will it work for IPTables? If so, how? Or is there a better way?

I know this question has been asked in a thread some time ago (http://www.linuxquestions.org/questi...bles+heartbeat), but the last post wasn't really conclusive, as it didn't answer the question about iptables suitability.

Thanks in advance.
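As an added example (not from this thread or from the linux-ha project), here is the kind of heartbeat v1 resource script that answers the "how": heartbeat knows nothing about iptables, it only needs a script under /etc/ha.d/resource.d/ that accepts start, stop and status, so the whole ruleset is wrapped in one. The interface names, the LAN range 192.168.10.0/24, the shared virtual IP 203.0.113.10 and the IIS host 192.168.10.20 are hypothetical placeholders.

```sh
#!/bin/sh
# fw-nat: heartbeat v1 resource script (start|stop|status) for the iptables ruleset.
# Hypothetical values, not from the thread: eth0 faces the Internet, eth1 the private
# LAN 192.168.10.0/24, 203.0.113.10 is the virtual IP that heartbeat's IPaddr resource
# moves between the two boxes, and 192.168.10.20 is one IIS server behind them.
PUB_IF=${PUB_IF:-eth0}; LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.10.0/24}
VIP=${VIP:-203.0.113.10}; WEB_HOST=${WEB_HOST:-192.168.10.20}

# Emit the ruleset as iptables commands so it can be reviewed (or tested) without root.
# SNAT to the VIP instead of MASQUERADE: after a failover the LAN still leaves from the
# same public address, whichever box currently holds it.
fw_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $PUB_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $PUB_IF -o $LAN_IF -d $WEB_HOST -p tcp --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -o $PUB_IF -s $LAN_NET -j SNAT --to-source $VIP
iptables -t nat -A PREROUTING -i $PUB_IF -d $VIP -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80
EOF
}

# Flush both tables. The standby stays reachable for heartbeat and admin (INPUT ACCEPT),
# but FORWARD stays DROP and ip_forward is off, so it never passes LAN traffic.
fw_flush() {
    iptables -F; iptables -t nat -F
    iptables -P INPUT ACCEPT; iptables -P FORWARD DROP
    echo 0 > /proc/sys/net/ipv4/ip_forward
}

fw_start() { fw_flush && fw_rules | sh -e && echo 1 > /proc/sys/net/ipv4/ip_forward; }
fw_stop()  { fw_flush; }
# heartbeat v1 reads "running" / "stopped" from status on stdout
fw_status() {
    if iptables -t nat -L PREROUTING -n 2>/dev/null | grep -q "to:$WEB_HOST:80"; then
        echo running; return 0
    fi
    echo stopped; return 3
}

case "${1:-}" in
    start)  fw_start ;;
    stop)   fw_stop ;;
    status) fw_status ;;
    "")     ;;                      # sourced without an action: define functions only
    *)      echo "usage: $0 {start|stop|status}" >&2 ;;
esac
```

Install it as /etc/ha.d/resource.d/fw-nat and list it after the address in haresources (`fw1 IPaddr::203.0.113.10/24/eth0 fw-nat`) so heartbeat runs start on the node that takes the VIP and stop on the one that gives it up. Existing connections are still lost on failover, because conntrack state is local to each box, which matches what the poster is prepared to accept.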
 
Old 05-29-2005, 06:53 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
Assuming you know the ins and outs of IPtables, you can create a very scalable and highly available ruleset. For the distro, it really depends on whether you want a GUI interface or you'll just be adding rules to a script. CheckPoint are nice firewall systems, but then we're talking about purchasing a system. Any distro can have iptables and be used. Some are geared towards being used as firewalls, so I'd pick one of those distros.
All times are GMT -5.