Displaying 20 results from an estimated 10000 matches similar to: "shorewall restart with keepalived (redundant firewalls)"
2003 Oct 29
5
shorewall question
I am currently using shorewall on leaf-bering. I have set it up with
keepalived to create a high availability firewall cluster. I have an odd
question in regards to shorewall. Currently in production I have
keepalived controlling shorewall starts and stops. If I remove this and
leave shorewall running on the backup firewall, will I run into any
problems with having the nat tables built out and
2005 Jan 21
5
Cannot restart shorewall
Hi Tom and other gurus,
I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it.
I got the following error
...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain loc2fw
Policy ACCEPT for loc to net
2015 Sep 29
3
Keepalived vrrp problem
Hey guys,
I'm trying to install keepalived 1.2.19 on a centos 6.5 machine. I did an
install from source.
And when I start keepalived this is what I'm seeing in the logs. It's
reporting that the VRRP_Instance(VI_1) Now in FAULT state.
Here's more of that log entry:
Sep 29 12:06:58 USECLSNDMNRDBA Keepalived_vrrp[44943]: VRRP Instance = VI_1
Sep 29 12:06:58 USECLSNDMNRDBA
2003 Jan 31
0
Shorewall and keepalived
I am trying to figure out a way to have the two packages running on the
system. Is there a way to tell shorewall NOT to define IP addresses for a
specific port so keepalived(vrrp) can create them and not cause a
conflict. Or for that matter the other way around would work. Any help
would be appreciated.
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort to dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Also I would like to know if there is a way to clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2004 Sep 20
2
After upgrade people can no longer connect
Hello Tom,
I've been using Shorewall for years without problems. My previous version of
shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using
rpm to 2.0.8-1. After update no one can connect to any interface from net.
Server can connect to outside world fine and those described in routestopped
have no problem connecting. Any help correcting this problem would be
2011 May 18
0
Can't build Keepalived 1.2.1 on CentOS-4
Hello,
I get this error when trying to build Keepalived 1.2.1 on a CentOS-4 box:
# gcc -g -O2 (..) -D_WITH_LVS_ -D_WITH_VRRP_ -c smtp.c
In file included from ../include/vrrp.h:31,
from ../include/smtp.h:34,
from smtp.c:27:
*../include/vrrp_ipaddress.h:32:27: linux/if_addr.h: No such file or directory*
In file included from ../include/vrrp.h:31,
2005 May 25
2
Firewall failover
Hi all,
We are investigating on firewall failover design. I have searched the
net and found that projects like LVS have it mostly solved for their
side but that netfilter lacks it.
Of course, a simple failover of the firewall is available using things
like VRRP (KeepAlive software) but without state synchronization, and
that is precisely the part we need to investigate.
Is this issue
2017 Sep 17
0
keepalived segfault after upgrade to 7.4
Prior to upgrading to CentOS 7.4 everything was fine, after upgrade I'm
seeing
/etc/keepalived# keepalived -f /etc/keepalived/keepalived.conf --dont-fork
--log-console --log-detail --dump-conf -m -v
Starting VRRP child process, pid=17224
Registering Kernel netlink reflector
Registering Kernel netlink command channel
Registering gratuitous ARP shared channel
Opening file
2007 Dec 06
3
Best setup for redundant routers.
I am setting up 2 Vyatta routers that will serve as redundant failover
core routers out to the backbone of our ISP. They will be serving for
routing between other branches and the ISP and bandwidth management.
I am trying to differentiate between the plethora of information about
having redundant, automatic failover routers and pretty much decided on
VRRP for the IP address failover mechanism.
I
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successfully
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2002 Dec 10
5
VRRPD (rfc2338)
Can someone point me to a good VRRPD (rfc2338) implementation on linux.
Some stable and live project
Thanks
2005 Jan 07
6
Questions: place for doco, and routestopped during 'shorewall restart'
Hi folks,
A while back we had some discussions about integrating heartbeat and
shorewall. Thanks to your help and the excellent state of Linux
failover clustering, I've managed to install my high-availability
firewall. I know there's already a howto for it at
http://www.xenos.net/library/hafirewall.html, but I thought I would
document my setup for others, since it's
2007 Jun 27
3
Adding custom iptables rules to shorewall
Hi,
I'm trying to add following iptables rules to shorewall:
iptables -I INPUT -d 192.168.1.1
iptables -I OUTPUT -s 192.168.1.1
What should I put in my custom action or anywhere else?
I need these rules for munin accounting.
iptables -L INPUT -v -n -x
Chain INPUT (policy DROP 5 packets, 260 bytes)
pkts bytes target prot opt in out source
destination
7175
2015 Sep 29
1
Keepalived vrrp problem
On 29-09-2015 15:03, Gordon Messmer wrote:
> On 09/29/2015 09:14 AM, Tim Dunphy wrote:
>> And if I do an ifconfig command I see no evidence of an eth1 existing.
>
> "ifconfig -a" will show you all of your interfaces.
Maybe there is a confusion here. Sounds like Tim thought keepalived
would create that eth1, like a tunnel interface, but it won't. You have
to
2006 Jun 01
1
audio streaming points different with VRRP
Hi! I've a question:
I've 2 asterisk, I want to pull the ethernet wire and then reconnect it after 5
second, using the VRRP protocol, where must I set the IP for the
connection goes on the second asterisk?
I want this:
I call to asterisk1, then I pull the ethernet wire down, vrrp makes up the
other asterisk but not the audio streaming...the callers are always pointed
to asterisk1, but for the
2003 Mar 21
1
Shorewall config format
Hi,
I'm a long time shorewall user and I like it very much. There is only
one thing where I'm not always happy with: the config files.
There has been discussion on the list about the comments in the files.
My concern is that I lose overview over my configuration because of the
many config files. Of course there are advantages too but I'm thinking
whether another config format would
2015 Sep 29
0
Keepalived vrrp problem
On 09/29/2015 09:14 AM, Tim Dunphy wrote:
> And if I do an ifconfig command I see no evidence of an eth1 existing.
"ifconfig -a" will show you all of your interfaces.
2007 Oct 10
3
failover with conntrackd
Hi.
Is anyone using conntrack-tools to implement gateway failover on a
network with windows clients?
I set it up with ucarp and keepalived, and found that gratuitous ARP
doesn't always seem to update the cache on Windows machines. It works
the first time, but if a second failover happens, the client continues
to send stuff to the wrong MAC address. Linux machines work fine.
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could