Contributed by jolan on from the desenrascanco dept.
Last weekend, at an event in Portugal, the local user group showed a redundant OpenBSD firewall working with two Soekris boxes and two laptops. They had one laptop playing an mp3 that was physically on the second laptop, shared via NFS, and then simulated a failure on the firewall. A second machine automatically claimed the firewall identity on the network and the music playing just choked a bit and recovered nicely. Kind of what Ryan McBride did at EuroBSDCon but without the axe part! Anyway, it definitely was fun to watch, and it is also a good reminder of an OpenBSD-based solution that companies can implement on a low budget. Some photos are also available.
By anonymous pedro (201.17.60.11) on
definitely
but then, perhaps it was... turned off?
By Bastiaan Jacques (86.83.136.97) on
A second machine automatically claimed the firewall identity on the network and the music playing just choked a bit and recovered nicely. Kind of what Ryan McBride did at EuroBSDCon but without the axe part!
When McBride did it, the sound reportedly didn't skip at all. Were the guys in Portugal doing something wrong?
By mcbride (216.19.177.194) mcbride@openbsd.org on
If you've seen my demo live, you'll know that I also demonstrate unplugging BOTH firewalls, to show how quickly the music dies when there's no network. The answer: almost instantaneously (not measured, but I'd guess under 0.5 seconds).
I've learned to be very careful about showing that there is no smoke-and-mirrors, ever since a demo in Ireland where the music continued playing after both firewalls were unplugged. Either filesystem or mpg123 buffering were the cause.
By Chas (12.217.82.49) on
Somebody really needs to write a book on firewalling with OpenBSD. I really need to learn this stuff in more detail.
Was this NFS v4 over TCP? I didn't realize that NFS could be firewalled in this way (seems even more difficult than FTP).
And the CARP stuff seems absolutely amazing.
I wonder if CARP could work with the TIS Firewall Toolkit. I still use this stuff a lot at work (and tn-gw is still something that is impossible to do with ssh).
By Peter N. M. Hansteen (194.54.107.19) peter@bgnett.no on http://www.bgnett.no/~peter/pf/
By Lennie (82.75.30.141) on
I could be wrong. :-)
Well, the combination makes it a real HA-free-and-open-stateful-connection-tracking-firewall.