Failover firewalls with ipfw?

From: Sean Lutner (sean@rentul.net)
Date: 01/19/01


Date: Fri, 19 Jan 2001 14:30:38 -0500 (EST)
From: Sean Lutner <sean@rentul.net>
To: <freebsd-security@freebsd.org>

I'm currently doing some research into firewalls, and which one(s) would
be right for my network. I'm considering everything from Checkpoint-1, to
Cisco Pix, to ipchains, to ipfw on FreeBSD. My question is this. Does
anyone out there know of any utilities/code/addons I could use to
implement a failover pair of firewalls using ipfw and fbsd? Ideally I'd
like to do stateful failover, but having two machines always on and a
heartbeat solution might work as well. If anyone can offer some pointers,
it would be much appreciated.

Sean Lutner | www: http://www.rentul.net
e-mail: sean@rentul.net |

"Imagination is more important than knowledge." -- Albert Einstein
