Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Apr 2011 20:04:57 +0200
From: Piotr Meyer <aniou@...tek.pl>
To: owl-dev@...ts.openwall.com
Subject: Re: new soft: conntrack, ucarp

On Mon, Apr 25, 2011 at 07:52:36PM +0400, Vasiliy Kulikov wrote:
> I'll use conntrack in numerous virtual environments in testing purposes
> (not to test conntrack itselt ;)).  Unfortunately, I'll likely use
> neither ucarp nor conntrackd.  I heard from CMC MSU sysadmin that they
> use ucarp for pf (FreeBSD firewall) with pfsync (analog of conntrackd
[...]

I use ucarp for years. It's lovely piece of software - small, reliable,
customizable (ucarp calls shell scripts when enters in master/backup
state - they can virtually do anything - add extra addresses or routes,
bring up daemons, etc. etc.). ucarp has also one delicious feature - 
when their eth link is down they don't try to enter in master state, 
assuming that disappearing master is result of local (link) problem. 

Works fine for linux-based, redundant routers and proxies.

-- 
Piotr 'aniou' Meyer

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ