Hi Has any one tried to run a failover shorewall using LVs and keepalived . Any pointer will be highly appretiated . Thanks --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.587 / Virus Database: 371 - Release Date: 2/12/2004
Hi, I have keepalived running on our firewall with shorewall. I am only using keepealived for the failaver (using vrrp). There is nothing special that I had to do in shorewall, except add: In /etc/shorewall/common run_iptables -A common -d 224.0.0.0/4 -s FW2_IP/32 -j ACCEPT Obviously the same rule on both machines, with the IP of FW1_IP on the other. Regards Paul Wollner On Fri, 2004-02-13 at 03:07, mtawafig wrote:> Hi > Has any one tried to run a failover shorewall using LVs and keepalived . > Any pointer will be highly appretiated . > Thanks > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.587 / Virus Database: 371 - Release Date: 2/12/2004 > _______________________________________________ > Shorewall-users mailing list > Post: Shorewall-users@lists.shorewall.net > Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users > Support: http://www.shorewall.net/support.htm > FAQ: http://www.shorewall.net/FAQ.htm >
On Thursday 12 February 2004 11:32 pm, Paul Wollner wrote:> Hi, > > I have keepalived running on our firewall with shorewall. I am only > using keepealived for the failaver (using vrrp). > > There is nothing special that I had to do in shorewall, except add: > In /etc/shorewall/common > > run_iptables -A common -d 224.0.0.0/4 -s FW2_IP/32 -j ACCEPT > > Obviously the same rule on both machines, with the IP of FW1_IP on the > other. >Why did you believe that you had to add that rule to common rather than the following? ACCEPT z:$FW2_IP $FW:224.0.0.0/4 Where ''z'' is the zone from which the other firewall sends these multicasts. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net