Yep, that's exactly what i'm refering to...
That'll teach me for jumping in to the middle of a conversation - sorry.
Since I've brought it up though, is there any sort of demand for a
high-availability patch for M0n0wall (probably but not deffinately using
It's just been pointed out that Astaro (astaro.com) has this (we're evaluating
firewalls to head up a web cluster at the moment) so it'd be nice to get it
into M0n0wall asap. I may give it a go over the weekend.
Quoting Andrew Lewis <andrew at coastal dot com>:
> Alexander Goldstone wrote:
> > I was separating load-balancing from failover therefore I was assuming
> > would be for a single WAN connection hence my mentioning state.
> > Failover is something I am interested in and will at some point implement
> > someone doesnít beat me to it. The only thing stopping me from diving in
> now is
> > that my background is Linux (LVS / Heartbeat) and, prior to installing
> > M0n0wall, Iíve not touched a FreeBSD box. However, fvrrpd (
> > http://www.bsdshell.net/hut_fvrrpd.html ) looks like it'll allow M0n0wall
> > fail over nicely.
> I think you're referring to multiple m0n0wall units, in a high
> availability configuration?
> That's not quite what I'm referring to in my use of failover. I am
> referring to using whatever WAN interface has solid connectivity. In my
> case the upstream ISP may have a failure and I don't want to send any
> more packets their way. It's not as simple as a close router failure,
> it could be a DDoS attack at their edge and even though I can talk to
> their network I can't get to the internet at large through them. Hence
> the TCP/ping testing to something like google.com one each WAN interface
> to determine if it has healthy connectivity.