[Linux-HA] HA Firewall
North Country Boy
northcountryboy79 at hotmail.com
Thu Nov 15 07:50:25 MST 2007
Hi, Could you please repost. This is really unreadable. Thanks, Dejan
Of course, many thanks in advance
--- original message ---
Ok ok, I admit. I don't get it!!!! I am trying to config a simple HA firewall and it just isn't working how I had imagined.

Ok, here is the deal. The firewall has two interfaces:

1) Internal interface eth1: 192.168.0.254
2) External interface eth0: 195.63.63.100, 195.63.63.101, 195.63.63.102

The plan would be that in the event of failure, these IP addresses as well as an iptables script would be brought online on the second box.

The story so far....

Because I am new to this, I wanted to take things nice and slowly and realise the full solution in stages so that I could learn & understand. I decided to test a simple failover with one IP just using the external interface. I added a second NIC to both machines (node1 & node2) and got heartbeat working no problem.

Using the version 1 haresources file, I added the following line:

    node1 195.63.63.101

In the ha.cf file I added:

    ping 195.63.63.254

(an external router accessible by both nodes). Also I added the ipfail command.

Ok, so heartbeat all looks good so far, the new address 195.63.63.101 is added as eth1:0.

Now I prevent access to the external router from node1; it recognises in the logs that it can no longer reach 195.63.63.254, whilst node2 says and does nothing. Huh???? I thought that at this point, ipfail flags a failure and the failover process begins????

Coincidentally, pulling the heartbeat cable causes the failover to happen perfectly (which is nice to know).

So now I am left wondering... If my external eth0 card fails, this isn't enough to cause failover?

Now I am guessing 3 things:

1) I have missed the point
2) I have missed something obvious
3) One of you kind hearted souls can see which of the previous points is correct! :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ha.cf
Type: application/octet-stream
Size: 127 bytes
Desc: not available
URL: <http://lists.linux-ha.org/pipermail/linux-ha/attachments/20071115/25032cc4/attachment.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: haresources
URL: <http://lists.linux-ha.org/pipermail/linux-ha/attachments/20071115/25032cc4/attachment.ksh>