DMZ Failover Servers


#1

Hi !

Does VyOS support DMZ failover servers with built-in commands, or does it have to be done via cron, ping at timed intervals, and a shell script?
First (main) server running in the DMZ (DNS, e-mail, web, squid transparent proxy, ftp) has IP 192.168.1.2
Backup (failover) - 192.168.1.3
All DNS requests from the internal network, or from outside, must be redirected with DNAT to one of the servers listed above.
DNS requests from the router itself - to our provider's DNS.

2 links from 2 providers, 1 active and the other a failover backup (no load balancing).

Currently running Shorewall, but planning to switch to VyOS due to the limitations of the former.

Thanks in advance for any suggestion(s).


#2

I think I would set up Pacemaker/Corosync/similar in that situation. I’m not sure if that’s possible in your situation but that seems like a more elegant solution IMO.
Does Shorewall offer that sort of functionality? I don't recall anything that does off the top of my head, but I'm not going to claim I've worked with a bajillion different firewalls/UTMs/routers either. Come to think of it, I don't know how VyOS handles setting up multiple NAT rules like that. I'm assuming NAT based on how you described the setup.


#3

With a combination of cron/shell scripts it's possible to change DNAT rules in Shorewall. Not a very elegant solution, however.
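The cron/ping/shell approach raised in #1 and #3, written out for VyOS as an added example (not code from this thread or from the VyOS project). It assumes VyOS 1.x with the `script-template` helper run under `/bin/vbash`, a DNAT rule number of 10 for the DNS redirect, a state file under `/var/run`, a ping-based probe, and a `DRYRUN` switch; all of these are assumptions, and the two server addresses come from #1.

```bash
#!/bin/bash
# Added example, not from this thread: a cron-run health check that keeps the
# DNS DNAT rule pointed at whichever DMZ server answers ping. Assumes VyOS 1.x
# script-template under /bin/vbash; rule number, state file, probe, DRYRUN assumed.
PRIMARY=192.168.1.2
BACKUP=192.168.1.3
RULE=${RULE:-10}                      # assumed DNAT rule number for port 53
STATE=${STATE:-/var/run/dmz-failover.state}   # assumed path; last target applied
PROBE=${PROBE:-ping -c 2 -W 1}        # health probe; overridable for testing
# Return 0 when the host answers the probe (2 echo requests, 1 s timeout each).
is_up() { $PROBE "$1" >/dev/null 2>&1; }

# Where the DNAT rule should point: the primary while it answers, else the
# backup; if both are down, stay on the primary rather than flap.
choose_target() {
  if is_up "$PRIMARY"; then echo "$PRIMARY"
  elif is_up "$BACKUP"; then echo "$BACKUP"
  else echo "$PRIMARY"
  fi
}

# The configuration line a switch to $1 needs.
vyos_set_cmd() {
  echo "set nat destination rule $RULE translation address $1"
}

# Push the change through a VyOS configuration session and remember it.
apply_target() {
  source /opt/vyatta/etc/functions/script-template
  configure
  set nat destination rule "$RULE" translation address "$1"
  commit && save && echo "$1" > "$STATE"
  exit            # leave configuration mode, as the VyOS scripting docs show
}

# One cron tick: decide the target and only touch the config when it changed.
failover_check() {
  want=$(choose_target)
  have=$(cat "$STATE" 2>/dev/null)
  [ "$want" = "$have" ] && return 0
  if [ -n "${DRYRUN:-}" ]; then
    vyos_set_cmd "$want"                # show what would be committed
  else
    logger -t dmz-failover "DNS DNAT target: ${have:-unset} -> $want"
    apply_target "$want"
  fi
}
# Cron entry (assumed): * * * * * /config/scripts/dmz-failover.sh --apply
if [ "${1:-}" = "--apply" ]; then failover_check; fi
```

Run it with `DRYRUN=1 STATE=/dev/null ./dmz-failover.sh --apply` first to see the exact `set` line it would commit before wiring it into cron.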