similar to: gateway failover with linux

Hi. Is anyone using conntrack-tools to implement gateway failover on a network with windows clients? I set it up with ucarp and keepalived, and found that gratuitous ARP doesn''t always seem to update the cache on Windows machines. It works the first time, but if a second failover happens, the client continues to send stuff to the wrong MAC address. Linux machines work fine.

Can someone point me for good VRRPD (rfc2338) implementation on linux. Some stable and live project Thanks _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

https://bugzilla.netfilter.org/show_bug.cgi?id=1381 Bug ID: 1381 Summary: Conntrackd segfaults when committing external caches Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: conntrack-daemon

Hello List: Recently our shorewall FW server went dead (PS failure) & brought the entire system down. Luckily we are testing the FW and other servers, so we did not loose anything. Now we have decided to setup two Shorewall FW servers with a primary & another fallover FW server. I have done some research cruised the Internet and found that a product ''UCARP''

Hi all! I think I remember there have discussion on this topic on this mailinglist a while ago. But the archives don''t find anything. Did anyone here set up a configuration with shorewall and heartbeat or vrrpd or ucarp? What would you prefer? Any experiences with failover times, setup problems etc? Good documentation on this? Thanks, Christian -- you don''t need eyes to see

Hello, Could someone experienced suggest good solution for failover advanced router ? The router for which I need redundancy is quite complex: 1) has 5 interfaces 2) uses the same network and the other network IP aliases on some interfaces 3) uses bunch of policy routing rules 4) uses proxyarp feature on some interfaces 5) uses complex iptables setup [propably not important in this

Greetings to all, To start I’ll firstly lay down the foundation to what I have done so far and if those of you on the list can provide further insight, tips, links etc. This scenario consists of 2 firewalls (both running Debian “etch”), 2 Cisco routers (unsure of model numbers) connected together like so in the diagram below. ----------------------- | Uplink Provider |

Hi, I´m trying use conntrackd, shorewall and keepalived. Conntrackd (now know as conntrack-tools) is working ok, keepalived too, but i don´t know how to put some iptables rules in shorewall. eth0 is the local area (192.168.0.0/24) eth1 is the net area (192.168.1.0/24) [1] iptables -P FORWARD DROP [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED - j ACCEPT [3] iptables -A

Hi all, We are investigating on firewall failover design. I have searched the net and found that projects like LVS have it mostly solved for their side but that netfilter lacks it. Of course, a simple failover of the firewall is available using things like VRRP (KeepAlive software) but without state syncronization, and that is preciselly the part we need to investigate. Is this issue

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

Hello GlusterFS users, can anybody give me please his opinion about the following facts and questions: 4 storage server with 16 SATA bays, connected by GigE: Q1: Volume will be set up as distributed-replicated. Maildir, FTP Dir, htdocs, file store directory => as sub dir's in one big GlusterVolume or each dir in it's own GlusterVolume? Q2: Set up the bricks as a collection of

I am currently using shorewall on leaf-bering. I have set it up with keepalived to create a high availabilty firewall cluster. I have an odd question in regards to shorewall. Currently in production I have keepalived controlling shorewall starts and stops. If I remove this and leave shorewall running on the backup firewall, will I run into any problems with having the nat tables built out and

Hello all, We have quite a bit of environment on "cloud". We are using our own domain names. For this purpouse we stood up a BIND9 DNS instance on Centos 7. And, this being the cloud, we enabled key based dynamic DNS for instances to register themselves when they are spun-up. We have a single master and multiple slaves. all is well, untill mater goes down and we need to spin-up

Hey guys, I am planning to buy some components for a Linux router that will handle the Internet access of 200 computers (includes tc shaping) and some inter sub-network routing (at least 100MBps per eth - and there are 3 eth cards). I was thinking of a: Pentium 4 - 3GHz 256 or 512MB RAM Network Cards. Now - I wonder what is more important: the processor speed or the amount of RAM. And can you

hi i''ve not found many hints on shorewall/ucarp/conntrackd topic. i''m sharing this with the list, so that i''m able to search and find it the next time. :) i''ve setup 2 identical systems with shorewall, ucarp and conntrackd in an active/backup way. ucarp just calls ifup/ifdown, all network configuration is maintained in /etc/network/interfaces (Debian),

Hi everyone , i have a few questions/problems with tinc , which i need to address ASAP , so i'll make it brief . i have 33 sites , connected with each other using wan , in each site , there are two linux firewalls + 3-4 more servers , i preferred to have a full mesh within my network , but unfortunately it was not possible , when i wanted every site to be connected to every other , as the

Hi, I'm trying to build a redundant duo of firewalls/routers/gateways and I'm thinking about not putting any disks in them and instead using a usb-stick raid-1 as storage. Has anyone any experience with this? Since the machines will be running pretty much only iptables, conntrackd and keepalived there is not going to be a lot of disk activity going on and the plan is to do all the

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hey guys, I'm trying to install keepalived 1.2.19 on a centos 6.5 machine. I did an install from source. And when I start keepalived this is what I'm seeing in the logs. It's reporting that the VRRP_Instance(VI_1) Now in FAULT state. Here's more of that log entry: Sep 29 12:06:58 USECLSNDMNRDBA Keepalived_vrrp[44943]: VRRP Instance = VI_1 Sep 29 12:06:58 USECLSNDMNRDBA