Firewall Redundancy

[briansrapier]

I'm in the process of standing up new circuit coming into our facility. Right now, I have a single firewall controlling access to/from the outside. I do have a second machine ("hot spare"), but I wanted to know itf there is a simple method of standing it up in active/passive or as a cluster, perhaps.

I originally thought about bonding the NICs on my x-router (linux-based) and hangin gone machine off each NIC, but:
1) the vendor won't support it if I modify the kernel.
2) I'm not sure if I would be creating a routing loop or worse.

OpenMosix?

[zen_guerrilla]

Your best bet is using OpenBSD & the CARP feature (check http://www.openbsd.org/cgi-bin/man.cgi?query=carp&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html for more info).
It does exactly what you want. There is also a user-space implementation of CARP for linux, called ucarp (http://www.ucarp.org) & is available on gentoo.

[bbandeira]

I think ther better choice for this is UCARP in portage.

emerge ucarp and be happy.

With ucarp u can do that so easy.
_________________
Linux: Very popular because of your speed and avaiability:: Gentoo Linux::: The better choice