[Fwbuilder-discussion] Interface configuration for HA-Cluster
Brought to you by:
mikehorn
Menu
▾
▴
[Fwbuilder-discussion] Interface configuration for HA-Cluster
|
From: Alexander R. <ru...@tu...> - 2011-02-28 12:37:15
|
Hi list, I'm about to migrate a single FW host setup into a HA-Cluster. Studying Michael Schwartzkopff's excellent Howtos I wonder whether it is really necessary to use up 3 IPs for each segment (2 for the firewall hosts and one for the cluster). Isn't it possible to simply set all but the management interfaces to 0.0.0.0 and then have the cluster move around the real IP? Maybe I could even shutdown the interfaces on the Slave? The firewall script will get executed in case of a failover anyway, so am I missing the obvious? The background is that my firewall connects 12 segments. Some segments are /30 nets with only 2 usable IPs which are already used up (one by the firewall, the other by the next hop router). So if the 0.0.0.0 solution would work it would save me a lot of trouble because I don't administrate any of the next hop routers and thus would like to avoid the necessary network resizing. And finally: which minimal version of fwbuilder do I need in order to get best cluster support? I'm currently stuck with 3.0.7 (Debian Squeeze). Cheers and thanks in advance for you answers, alex |