[LARTC] Redundant firewall

Sebastien Guay sebas at belzebuth.ca
Wed Oct 12 19:36:08 CEST 2005


Hi,

I hope this is not OT.  I searched through the archives but didn't find 
anything really answering my question.

I want to create a cluster of two firewalls with Linux-HA so that if 
the primary fails, the secondary firewall will take over.  Note that I 
don't care about syncing states between firewalls, they will just have 
to reconnect :)

It's a typical configuration:

                    _______FW1_______
                   /        |        \
INTERNET--ROUTER--<         |HB       >--SERVER
                   \_______ | _______/
                           FW2

HB is the heartbeat between the two firewalls.

The default gateway of SERVER will be the IP address of the cluster of 
firewalls.  So SERVER->INTERNET will always go through the right FW.

But I'm concerned about INTERNET->SERVER (public IP).

My question is: will enabling proxy_arp on the active firewall and 
disabling it on the inactive be enough to route the traffic through the 
correct (active) firewall?

Thanks

Sébastien
-- 
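The proxy_arp toggle the post asks about, written up as an added example (not code from the original post or from the Linux-HA project): a small resource script in the start/stop/status style that Heartbeat v1 haresources entries call, which turns proxy_arp on for the firewall's interfaces when this node becomes active and off again when it goes standby. The interface names (`eth0 eth1`) and the sysctl root are assumptions and can be overridden through environment variables; pointing `SYSCTL_ROOT` at a scratch directory lets the script be exercised without root. One caveat worth knowing when relying on this alone: after a failover the router's ARP cache may still map SERVER's public IP to the old firewall's MAC until the entry expires, so the new active node normally also sends a gratuitous ARP (for instance with `arping -U` from iputils), which this script deliberately leaves out.

```shell
#!/bin/sh
# Added example, not part of the original post: Heartbeat-style resource
# script that enables proxy_arp on the active firewall and disables it on
# the standby. Interface names and sysctl root are assumptions.

# Interfaces facing the router and the server (assumed names; override
# with PROXY_ARP_IFACES="eth0 eth1 ..." in the environment).
PROXY_ARP_IFACES="${PROXY_ARP_IFACES:-eth0 eth1}"
# sysctl tree. On a real firewall this is /proc/sys; pointing it at a
# scratch directory allows testing the logic without root privileges.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# proxy_arp_path <iface>: path of the per-interface proxy_arp flag.
proxy_arp_path() {
    printf '%s/net/ipv4/conf/%s/proxy_arp\n' "$SYSCTL_ROOT" "$1"
}

# set_proxy_arp <0|1>: write the flag for every configured interface.
# Returns non-zero if any interface's sysctl entry is missing or the
# write fails, so Heartbeat sees the start/stop as failed.
set_proxy_arp() {
    val="$1"
    for i in $PROXY_ARP_IFACES; do
        p=$(proxy_arp_path "$i")
        [ -e "$p" ] || { echo "no such sysctl: $p" >&2; return 1; }
        printf '%s\n' "$val" > "$p" || return 1
    done
    return 0
}

# proxy_arp_status: prints "running" and returns 0 when proxy_arp is 1 on
# every interface; otherwise prints "stopped" and returns 1. A missing
# sysctl entry is treated as "stopped" rather than as an error.
proxy_arp_status() {
    for i in $PROXY_ARP_IFACES; do
        p=$(proxy_arp_path "$i")
        [ -e "$p" ] || { echo stopped; return 1; }
        [ "$(cat "$p")" = "1" ] || { echo stopped; return 1; }
    done
    echo running
    return 0
}

# Heartbeat calls the script as "<script> start|stop|status".
case "$1" in
    start)  set_proxy_arp 1 ;;
    stop)   set_proxy_arp 0 ;;
    status) proxy_arp_status ;;
    "")     ;;   # no action: functions only (e.g. when sourced for testing)
    *)      echo "usage: $0 {start|stop|status}" >&2; exit 1 ;;
esac
```

Installed under /etc/ha.d/resource.d/ and listed in haresources after the cluster IP resource, Heartbeat runs `start` on the node that takes over and `stop` on the node that releases the role, so only the active firewall ever answers ARP for SERVER's public address.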