[thelist] Cheap Tricks - was Re: Firewalls vs. Web Databases

Hassan Schroeder hassan at webtuitive.com
Thu Sep 20 14:14:27 CDT 2001

Glenn Hunt wrote:

> 3. Use two firewalls and round-robin DNS. The biggest issue with this
> is that the DNS would have to be updated if a firewall went down.

... which is a very bad situation, since change propagation takes 
an indeterminate time -- but here's a trick I've used in the past
when I had no budget for fancy hardware.  

This was for three round-robined Web servers, not firewalls, but 
the principle's the same, assuming it's a *nix-based firewall.

Call 'em A, B and C. A cron job on each box pings the next machine
[ A -> B, B -> C, C -> A ] at relatively short intervals.

If, say, A gets no response from B, it waits for a small period of 
time (in case the machine's rebooting for some reason), tries again,
and if no response this time, ifconfigs up a virtual interface with 
the missing machine's IP address (and sends an alert to someone's 
pager, of course!).

No fuss, no muss, and the checkbook never left the desk drawer :-)

Hassan Schroeder ----------------------------- hassan at webtuitive.com 
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

    -- creating dynamic Web sites and applications since 1994 --
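
The check described in the message above, sketched as a script for box A watching box B. This is an added example, not code from the original post; the addresses, interface alias, state-file path, cron path and the use of mail(1) for the pager alert are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): cron-driven check for box A,
# which watches box B in the A -> B -> C -> A ring.
# Addresses, interface alias, paths and the mail alert are constructed.
PEER_IP="${PEER_IP:-192.0.2.12}"        # B's service address (constructed)
IFACE="${IFACE:-eth0:1}"                # alias that will carry B's address
NETMASK="${NETMASK:-255.255.255.0}"
RETRY_WAIT="${RETRY_WAIT:-60}"          # grace period in case B is rebooting
ALERT_TO="${ALERT_TO:-oncall@example.com}"
STATE_FILE="${STATE_FILE:-/var/run/ring-failover.held}"

# One ICMP probe; 0 means the peer answered.
probe() { ping -c 1 "$1" >/dev/null 2>&1; }

# Exit codes: 0 peer healthy, 1 took over just now, 2 already holding,
# 3 the interface could not be brought up.
check_peer() {
    # Once we hold B's address a ping to it is answered locally, so the
    # probe is meaningless; stop here and leave failback to an operator.
    if [ -e "$STATE_FILE" ]; then return 2; fi
    if probe "$PEER_IP"; then return 0; fi
    sleep "$RETRY_WAIT"
    if probe "$PEER_IP"; then return 0; fi
    ifconfig "$IFACE" "$PEER_IP" netmask "$NETMASK" up || return 3
    : > "$STATE_FILE"
    echo "$(uname -n) took over $PEER_IP on $IFACE" |
        mail -s "failover: $PEER_IP" "$ALERT_TO"
    return 1
}

# Cron entry (assumed path): * * * * * /usr/local/sbin/ring-check.sh --run
if [ "${1:-}" = "--run" ]; then check_peer; fi
```

A failed ping only shows that A cannot reach B: if B is still serving traffic, both machines end up answering for the same address. The state file keeps later cron runs from repeating the takeover and the alert, and has to be removed by hand along with the alias once B is back.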
