Re: distributed natd
From: John Van Boxtel (jvb@whoowl.com)
Date: 08/10/01
From: "John Van Boxtel" <jvb@whoowl.com> Date: Fri, 10 Aug 2001 09:26:56 -0700
> Next, I don't know whether they should communicate over TCP or UDP. I
> would use UDP since it might be faster and it allows broadcasts (one
> firewall broadcasting changes to all others on the secure network) but is
> unreliable. A persistent TCP connection may be also considered.
The persistent TCP connection could be used well, as if the connection
dropped this could signal that the other gateway is down for whatever
reason. This would not be useful for telling if that gateway no longer has
an upstream connection but it would definitely let you know that the gateway
is no longer available (i.e. power lost, hardware failure, etc.).
> It is however not clear to me how and how often you want to check if
> firewall is alive.
See above, this would instantly let you know it's gone, but it would only
tell you that the gateway is dead, not when the gateway is up but its
upstream is down.
Interesting stuff :-)
JVB
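
An added example, not part of the original message or of natd: a sketch of the liveness check discussed in this thread, where each gateway sends a heartbeat line over the persistent TCP connection and that line also reports its upstream status, so a monitor can tell "gateway dead" from "gateway up, upstream down". The `HB upstream=…` message format, the timeout value and all names are assumptions made for illustration, and the heartbeats are unauthenticated, so this assumes the trusted internal network the thread describes.

```python
import socket

def heartbeat(upstream_ok):
    """Build one heartbeat line (hypothetical format) reporting upstream status."""
    return b"HB upstream=%d\n" % int(bool(upstream_ok))

class PeerMonitor:
    """Classify a peer gateway from heartbeats on one persistent stream connection."""

    def __init__(self, conn, timeout=3.0):   # timeout is an assumed value
        self.conn = conn
        self.conn.settimeout(timeout)
        self.buf = b""

    def next_state(self):
        """Return "up", "upstream-down" or "dead" for the next heartbeat."""
        while b"\n" not in self.buf:
            if len(self.buf) > 256:           # oversized line: treat peer as failed
                return "dead"
            try:
                chunk = self.conn.recv(256)
            except OSError:                   # timeout or reset
                return "dead"
            if not chunk:                     # EOF: peer closed or its process died
                return "dead"
            self.buf += chunk
        line, self.buf = self.buf.split(b"\n", 1)
        if line == b"HB upstream=1":
            return "up"
        if line == b"HB upstream=0":
            return "upstream-down"
        return "dead"                         # unparseable heartbeat: fail closed

def demo():
    """Constructed scenario; socketpair() stands in for the TCP link between gateways."""
    a, b = socket.socketpair()
    mon = PeerMonitor(a, timeout=0.2)
    b.sendall(heartbeat(True) + heartbeat(False))
    states = [mon.next_state(), mon.next_state()]
    b.close()                                 # peer goes away with a clean close
    states.append(mon.next_state())
    c, d = socket.socketpair()                # peer stays connected but silent
    states.append(PeerMonitor(c, timeout=0.2).next_state())
    for s in (a, c, d):
        s.close()
    return states

if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` is a peer that stops sending without closing the connection (as with power loss); the monitor only notices it when the heartbeat timeout expires.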