Re: Firewall Load Balance

[mahhy <mahhy () undertow ca>]

On Tue, 16 Apr 2002, Marcelo Barbosa Lima wrote:
>             Is it possible to implement an architecture of firewall load
> balance using only two Linux Boxes? LVS permits to implement load
> balance to services. I want to offer load balance and high availibility
> using Linux. Did anybody do it? Thanks,

I currently do this at work.  Two Linux iptables firewalls, using the High 
Availability package from www.linux-ha.org.

This allows the Primary Firewall to fail and the Secondary to take over.  
I know this isnt quite what you are looking for, as you would like to load 
balance over the two machines.

My solution to this was to use OSPF on the firewalls, and a fairly 
intelligent router behind the firewall.  It basically round robins any 
outbound connections to the two machines (since in OSPF terms there are 
two default routes).

I'm sure there are other ways to achieve this as well.

-- 
Rob Rankin
mahhy () undertow ca
http://undertow.ca

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards