Hi, has anyone successfully implemented iptables state transfer for redundant shorewall? I managed to get keepalived running with shorewall. But the problem is the state of the connection stays on one box. I tried to use netfilter conntrackd userspace and ct-sync (if I'm not mistaken) to no avail.

Platform is CentOS 5.2 std install.

Netfilter conntrackd screwed up the connection state. ct-sync kernel patch simply doesn't work.

If anyone can provide a pointer or "how to", it would be much appreciated.

Thank you.

Lito Kusnadi wrote:
> Hi, has anyone successfully implemented iptables state transfer for
> redundant shorewall? I managed to get keepalived running with
> shorewall. But the problem is the state of the connection stays on
> one box. I tried to use netfilter conntrackd userspace and ct-sync
> (if I'm not mistaken) to no avail.
>
> Platform is CentOS 5.2 std install.
>
> Netfilter conntrackd screwed up the connection state. ct-sync kernel
> patch simply doesn't work.
>
> If anyone can provide a pointer or "how to", it would be much appreciated.

I doubt that you will find a "How To" that marries cutting-edge development like ct-sync/conntrackd with comparatively ancient technology like CentOS 5.2.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Hi Tom,

in your opinion, is there any more straightforward way to transfer the connection state? or maybe you know which distro works with conntrackd/ct-sync out of the box (at least with minimal grief) to configure.

by the way, love your work.

thanks.

Lito

--- On Wed, 6/3/09, Tom Eastep <teastep@shorewall.net> wrote:

> From: Tom Eastep <teastep@shorewall.net>
> Subject: Re: [Shorewall-users] twin shorewall iptables state transfer
> To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
> Date: Wednesday, June 3, 2009, 3:35 AM
>
> Lito Kusnadi wrote:
> > Hi, has anyone successfully implemented iptables state transfer for
> > redundant shorewall? I managed to get keepalived running with
> > shorewall. But the problem is the state of the connection stays on
> > one box. I tried to use netfilter conntrackd userspace and ct-sync
> > (if I'm not mistaken) to no avail.
> >
> > Platform is CentOS 5.2 std install.
> >
> > Netfilter conntrackd screwed up the connection state. ct-sync kernel
> > patch simply doesn't work.
> >
> > If anyone can provide a pointer or "how to", it would be much appreciated.
>
> I doubt that you will find a "How To" that marries cutting-edge
> development like ct-sync/conntrackd with comparatively ancient
> technology like CentOS 5.2.
>
> -Tom

Lito Kusnadi wrote:
> Hi Tom,
>
> in your opinion, is there any more straightforward way to transfer the
> connection state? or maybe you know which distro works with
> conntrackd/ct-sync out of the box (at least with minimal grief) to
> configure.

Practically any current distribution except CentOS should be okay; certainly better than CentOS. Fedora 11 and Ubuntu 9.04 currently have slightly more recent kernels than Debian Lenny and OpenSuSE 11.1 but all of them are 2.6.26 or later.

> by the way, love your work.

Thanks,
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________