| 1 |
Hello, |
| 2 |
|
| 3 |
I'm still hacking at my first Linux firewall. I decided to build |
| 4 |
in redundancy, via CARP which replaces the cisco protocol VRRP. |
| 5 |
I like to develop 2 versions: |
| 6 |
A. 2 redundant routers on one cable modem(static IP) drop. |
| 7 |
B. 2 redundant router each with a different network/circuit |
| 8 |
to the internet. |
| 9 |
|
| 10 |
'UCARP' is in portage, and I was wondering: |
| 11 |
|
| 12 |
1. Has anyone used 'ucarp' with iptables, willing to share configs? |
| 13 |
|
| 14 |
2. How do you get your ethernet cards to reply to arp/mac requests |
| 15 |
with the same MAC address? A pci based ethernet card with programmable |
| 16 |
MAC address would be keen. If one does not exist, I'm quite tempted |
| 17 |
to do the layout, and develop the firmware (not a big deal). |
| 18 |
Suggestions as to which chips to use, so as to be able to use |
| 19 |
an existing driver from a 10/100 card (realtek?) would be keen. |
| 20 |
|
| 21 |
3. Is it stable? Comments? |
| 22 |
|
| 23 |
4. Have you implemented QOS semanitics with UCARP on Gentoo, and |
| 24 |
would you be willing to share information? |
| 25 |
|
| 26 |
5. Since my cable access provider scans MAC address and locks up |
| 27 |
my cable box(therefore I have to shut if off for 5 minutes upon |
| 28 |
changing the MAC address of my router) if different MACs are used, |
| 29 |
do you have a workaround for this? |
| 30 |
|
| 31 |
6. If I implement UCARP on a network with 2 different wiring/circuits |
| 32 |
that support static TCP/IPs (cable modem and wireless T-mobile) how |
| 33 |
do I setup external routing to use both pipes, without BGP-4? |
| 34 |
|
| 35 |
7. When I'm finished what's the best method to test the robustness |
| 36 |
of the router configuration, against security attacks? i.e. |
| 37 |
a friendly penetration test volunteer? |
| 38 |
|
| 39 |
|
| 40 |
James |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-user@g.o mailing list |
Archives