i take it you're bridging more than just IP, because if you are only
doing IP, you should not have to see any mac addresses. the switches
should take care of sending out ARP requests. something sounds set up
wrong, you should not need to see MAC address traffic for a system like
that to work.

Thank You,
Ben Kochie (ben at nerp.net)

"Unix is user friendly, It's just picky about its friends."

On Mon, 4 Jun 2001, Jason Jorgensen wrote:

> They are going to replace a single MASQing firewall. All traffic was going
> through one firewall anyways. Now it will be 2 linux bridges with masq rules
> that will failover. We aren't using those for public space.
>
> If the bridges can't see the mac addresses of the boxes on both sides of the
> bridge then they won't route any data across.
>
> You're absolutely right. It might be better to have a sleeping firewall that
> could be awakened with some linux heartbeat software. We are investigating
> our options at the present and this was one solution presented. We were
> thinking spanning tree switches with spanning tree bridging firewalls. Right
> now we are just compiling a pros and cons list for the different options.
> One of the cons is having to purchase different switches. But I need to know
> what kind of switches to get for this configuration and their price.
>
> Ben Kochie wrote:
>
> > why in the world would you need both linux servers to have access to all
> > traffic on the network, that's a really _bad_ idea when it comes to
> > bandwidth, AND security. the whole point of having a switch is so that
> > traffic between hosts doesn't affect traffic between other servers and
> > hosts. if you need to do failover, the 2 linux servers should have an
> > active connection between them, which doesn't require that they monitor
> > traffic.
> >
> > Thank You,
> > Ben Kochie (ben at nerp.net)
> >
> > "Unix is user friendly, It's just picky about its friends."
> >
> > On Mon, 4 Jun 2001, Jason Jorgensen wrote:
> >
> > > We are trying to set up a couple of linux boxes to act as a bridge so
> > > that we have some redundancy if one box fails. To do this the linux
> > > boxes need to "see" each other and all traffic on the network. However
> > > we are using switches for security and the switches only have
> > > capabilities for one monitoring port (a port that sees all traffic, just
> > > like a hub would do). We would need 2 monitoring ports on each of our 2
> > > switches to allow the bridges to work properly. So I would like some
> > > suggestions on switches that would have more than one monitoring port.
> > > Right now we are using HP ProCurve 2424's.
> > >
> > > _______________________________________________
> > > tclug-list mailing list
> > > tclug-list at mn-linux.org
> > > https://mailman.mn-linux.org/mailman/listinfo/tclug-list