[gentoo-user] Gentoo router redundancy via Ucarp?

[James <wireless@tampabay.rr.com>]

Hello,

I'm still hacking at my first Linux firewall. I decided to build
in redundancy, via CARP which replaces the cisco protocol VRRP.
I like to develop 2 versions:
A. 2 redundant routers on one cable modem(static IP) drop.
B. 2 redundant router each with a different network/circuit
to the internet.

'UCARP' is in portage, and I was wondering:

1. Has anyone used 'ucarp' with iptables, willing to share configs?

2. How do you get your ethernet cards to reply to arp/mac requests
with the same MAC address? A pci based ethernet card with programmable
MAC address would be keen. If one does not exist, I'm quite tempted 
to do the layout, and develop the firmware (not a big deal).
Suggestions as to which chips to use, so as to be able to use
an existing driver from a 10/100 card (realtek?) would be keen.

3.  Is it stable? Comments?

4. Have you implemented QOS semanitics with UCARP on Gentoo, and
would you be willing to share information?

5. Since my cable access provider scans MAC address and locks up
my cable box(therefore I have to shut if off for 5 minutes upon
changing the MAC address of my router) if different MACs are used,
do you have a workaround for this?

6. If I implement UCARP on a  network with 2 different wiring/circuits
that support static TCP/IPs (cable modem and wireless T-mobile) how
do I setup external routing to use both pipes, without BGP-4?

7. When I'm finished what's the best method to test the robustness
of the router configuration, against security attacks? i.e.
a friendly penetration test volunteer?


James

-- 
gentoo-user@gentoo.org mailing list