similar to: Using Shorewall + Linux Virtual Server LVS/DR

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hello, I'm looking for a functional FreeBSD replacement of the Linux LVS software? There is an LVS port for FreeBSD but it looks deat since 2005. Is there anything comparable or better? All best, mjb

Hello, after upgrading Shorewall (see subject) and Gentoo-Linux (from Kernel 2.6.12 to 2.6.15, both with Gentoo patches, e.g. not Vanilla) the firewall on our load balancer rejects HTTP packets for the VIP with >Mar 5 23:22:51 balance Shorewall:all2all:REJECT:IN= OUT=eth0 >SRC=XX.XXX.XXX.XXX >DST=XXX.XXX.XXX. XXX LEN=48 TOS=0x00 PREC=0x00 TTL=114 >ID=26421 DF PROTO=TCP SPT=2025

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

i'm trying to setup LVS, and tried both the lvs-dr and the lvs-nat, but can't get any to work. I'm hoping people here can answer a few questions that might help and shed light onto the situation? #1 with regards to the Real Servers, is there anything that needs to be configured other that the http service? I ask this, because I suspect yes, and it has to do with what type of LVS you

Hi, I need some special masq rules to allow internal servers to resolve public IP''s which are loadbalanced by LVS - the rule are: iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32 --vport 80 -j SNAT --to-source <LVS INTERNAL IP> Also I need to enable: echo 1 > /proc/sys/net/ipv4/vs/conntrack Currently I do all this from /etc/shorewall/started - but is

Hi guys, I''m not sure where to post for help on this one, shorewall or lvs, I''ll start with shorewall (only cause Tom is a gun at this stuff, and is polite enough to tell me to bugger off to the LVS list if I''m posting in the wrong one ;) I have a single box that is my router/firewall/LVS. Internet -- eth0 - router/firewall - eth1 --- internal lan | eth2

Greetings, all: OS: CentOS 6.4 x86_64 Kernel: 2.6.32-358.14.1 I could use some assistance with setting up pulse to load balance my dns servers. I've configured tcp and udp port 53 with the piranha gui, set up arptable rules on the real servers and added the virtual ip to the bond0 interface on the real servers, but I'm still having no luck in getting things going. A dig against the

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

Hello List: Recently our shorewall FW server went dead (PS failure) & brought the entire system down. Luckily we are testing the FW and other servers, so we did not loose anything. Now we have decided to setup two Shorewall FW servers with a primary & another fallover FW server. I have done some research cruised the Internet and found that a product ''UCARP''

Hello ! I have a performance issue with Kernel 2.6.X and policy match support as suggested in http://shorewall.net/IPSEC-2.6.html. My IPSEC performance doesn''t exeed about 30kbyte/sec even if my downlink is 1024kbit/sec and should reach more than 100kbyte/sec. No, its not the cpu''s performance (AMD Barton 2500+) and no it''s not the gateway (CELERON 600 Mhz) on the

hello, all! if i want to use lvs function of keepalived , i must install ipvsadm ? tks! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110308/b8e27203/attachment-0002.html>

When a disk image uses LVM thinp (thin provisioning), the guestfs_lvs API would return the thinp pools. This confused other APIs because thinp pools don't have corresponding /dev/VG/LV device nodes. Filter the LVs that are returned using "lv_role=public". Thanks: Fabian Deutsch --- daemon/lvm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/daemon/lvm.c

On F12, I'm getting this build failure: ocamlfind ocamlopt -ccopt '-L ../../src/.libs' \ -warn-error A -I .. mlguestfs.cmxa lvs.ml -o lvs File "lvs.ml", line 11, characters 10-24: Error: Unbound value Guestfs.create make[2]: *** [lvs] Error 2 Admittedly with STREQ-related changes, but they seem unrelated...

On Wednesday 28 January 2015 14:25:38 Richard W.M. Jones wrote: > --- > sparsify/copying.ml | 4 +++- > sparsify/in_place.ml | 4 +++- > sparsify/utils.ml | 16 ++++++++++++++++ > 3 files changed, 22 insertions(+), 2 deletions(-) > > diff --git a/sparsify/copying.ml b/sparsify/copying.ml > index 8d77964..165dd6e 100644 > --- a/sparsify/copying.ml > +++

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

http://bugzilla.netfilter.org/show_bug.cgi?id=586 Summary: Problems changing the source address of a packet Product: libnetfilter_queue Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: libnetfilter_queue AssignedTo: laforge at netfilter.org

FYI, while "make" succeeded in this directory on Friday, I ran "make clean" today from the top, then "make" and got this: Making all in examples make[3]: Entering directory `/home/j/w/co/libguestfs/ocaml/examples' ocamlfind ocamlopt \ -warn-error A -I .. mlguestfs.cmxa lvs.ml -o lvs File "lvs.ml", line 11, characters 10-24: Error:

Every time I touch something, pieces fall off! It's a good thing this stuff isn't in production yet (for me I mean). So I had an LVS, configured with Piranha, directing http test transactions across two servers. I used Piranha to add another realserver. It appeared in the lvs.cf file, but didn't appear in the ipvsadm output. So I stopped and restarted Pulse. And now *none* of the

Hi, I had to modify 2 files to integrate ext3 patch with lvs patch.. (ext3-2.4-0.9.14-2414p8.gz and ipvs 0.8.2) --- drivers/block/loop.c.orig Tue Nov 6 10:13:48 2001 +++ drivers/block/loop.c Tue Nov 6 10:17:55 2001 @@ -218,14 +218,16 @@ static int lo_send(struct loop_device *l index++; pos += size; UnlockPage(page); -