[PLUG] iptables gateway firewall working, what do I need to do...

Michael Robinson michael at ns1.robinson-west.com
Tue Apr 15 02:15:03 UTC 2003


to migrate to a RIP2 environment so that my two Internet 
gateways can automatically substitute for each other?  
Ordinarily to open a gateway I set the default 
route to the external address on that gateway instead 
of the lan address of a substitute gateway.  All workstations 
behind need to know which gateway to point to since 
there are two to choose from now.  If a gateway is down, 
the default route of lan connected hosts needs to change 
to an available substitute. 

I guess I need to get more than one ip for this to work although
I wouldn't mind a manual switch so that essentially two gateways
are up, but one always has a broken connection.  It wouldn't be
perfectly automatic, but throwing a switch isn't a big deal.  Using 
a manual switch, wire changer, I guess both gateways could be 
configured with the same ip on their external interface since they 
wouldn't be simultaneously media connected to the DSL bridge.  
On the other hand, $5 a month for the extra ip's to permanently 
connect my two gateways simultaneously is probably a better 
idea.  Not to mention, doing the latter would allow me to have 
a backup dns server for robinson-west.com for the first time.

I'm running Redhat 7.2 on two identical P-III's using a 386
as my backup gateway.  I don't know if I can put 7.2 on the 
386 which currently runs 6.2 within 20 megs of ram.
If I set the X server up as a gateway how do I firewall X,
tftp-server, and ltsp from the outside world?  Can dhcp
function on a dual homed machine?  Is dhcp 3 production
and does it support redundancy?  Can samba wins
servers be made redundant or is it better for me to
distribute an lmhosts and password file to all clients?
Maybe I should move my samba domain controller to my
mail machine even though I fear I'm loading all the
services onto it.  Is there a safe way to tie the processing
power of my two identical servers together so that load
balancing is less of a concern without compromising
firewall integrity by having raw processing somehow
end up on the Internet?  

Now that I'm looking at two gateways how do I test for and
prevent loops?  A loop being where traffic goes out one 
gateway and comes back in the other.  Lan traffic should
go direct to the server, not out onto the Internet first. 



