Discussion:
[Shorewall-users] CARP in Shorewall?
Rich Wales
2016-10-27 22:16:49 UTC
Is there a way to configure a pair of Shorewall firewalls to do
transparent failover?

I'm looking at the CARP feature of pfSense, but I want to see if similar
functionality is available in a Shorewall environment before committing
myself to a radical change in my firewall infrastructure.
--
*Rich Wales*
***@richw.org
Tom Eastep
2016-10-27 22:27:34 UTC
Post by Rich Wales
> Is there a way to configure a pair of Shorewall firewalls to do
> transparent failover?
>
> I'm looking at the CARP feature of pfSense, but I want to see if
> similar functionality is available in a Shorewall environment
> before committing myself to a radical change in my firewall
> infrastructure.

I am not aware of any off-the-shelf products for doing transparent
failover with Shorewall.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Tom Eastep
2016-10-27 23:54:52 UTC
Post by Tom Eastep
> Post by Rich Wales
>> Is there a way to configure a pair of Shorewall firewalls to do
>> transparent failover?
>>
>> I'm looking at the CARP feature of pfSense, but I want to see if
>> similar functionality is available in a Shorewall environment
>> before committing myself to a radical change in my firewall
>> infrastructure.
>
> I am not aware of any off-the-shelf products for doing transparent
> failover with Shorewall.

That having been said, I'm confident that conntrackd and keepalived
can work with Shorewall; I haven't spent any time trying to configure
such a setup.

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Filippo Carletti
2016-10-28 08:01:21 UTC
Post by Tom Eastep
> That having been said, I'm confident that conntrackd and keepalived
> can work with Shorewall; I haven't spent any time trying to configure
> such a setup.

In the past, I've set up ucarp and conntrackd with Shorewall 4.6.4 on
CentOS. I should have notes somewhere.
--
Ciao,
Filippo