similar to: shorewall question

Hi. Is anyone using conntrack-tools to implement gateway failover on a network with windows clients? I set it up with ucarp and keepalived, and found that gratuitous ARP doesn''t always seem to update the cache on Windows machines. It works the first time, but if a second failover happens, the client continues to send stuff to the wrong MAC address. Linux machines work fine.

Hey guys, I'm trying to install keepalived 1.2.19 on a centos 6.5 machine. I did an install from source. And when I start keepalived this is what I'm seeing in the logs. It's reporting that the VRRP_Instance(VI_1) Now in FAULT state. Here's more of that log entry: Sep 29 12:06:58 USECLSNDMNRDBA Keepalived_vrrp[44943]: VRRP Instance = VI_1 Sep 29 12:06:58 USECLSNDMNRDBA

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

https://bugzilla.netfilter.org/show_bug.cgi?id=1381 Bug ID: 1381 Summary: Conntrackd segfaults when committing external caches Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: conntrack-daemon

Em 29-09-2015 15:03, Gordon Messmer escreveu: > On 09/29/2015 09:14 AM, Tim Dunphy wrote: >> And if I do an ifconfig command I see no evidence of an eth1 existing. > > "ifconfig -a" will show you all of your interfaces. Maybe there is a confusion here. Sounds like Tim thought keepalived would create that eth1, like a tunnel interface, but it won't. You have to

Hi, I´m trying use conntrackd, shorewall and keepalived. Conntrackd (now know as conntrack-tools) is working ok, keepalived too, but i don´t know how to put some iptables rules in shorewall. eth0 is the local area (192.168.0.0/24) eth1 is the net area (192.168.1.0/24) [1] iptables -P FORWARD DROP [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED - j ACCEPT [3] iptables -A

I'm looking into some network "weirdness", and I noticed that a CentOS 6 system with multiple IP addresses (load balancer running keepalived) is sending ARP requests from apparently random source IPs. I would have thought that ARP requests would always come from the interface's "primary" IP (especially since keepalived adds all the virtual IPs with a /32 mask). This

Can someone point me for good VRRPD (rfc2338) implementation on linux. Some stable and live project Thanks _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On 27/06/2017 00:49, James A. Peltier wrote: > Bind does not have a method to do multi-master replication. All updates must be done via an intermediary service (database). > > In our case, we've used containers and Consul for providing a highly available DNS service. A container will fire up and race for the master lock. It will dump the contents of the database into its named

Hi, I have HA firewalls configuration (keepalived) on one site. Each firewall has its own IP and a Virtual IP (VIP) that keepalived activate on one of the firewall (active/passive HA configuration). I think I can set all two firewalls with same configuration, generating key pairs on one firewall and copying that to the second, so the remote host can see always one of the other firewall as the

https://bugzilla.netfilter.org/show_bug.cgi?id=1053 Bug ID: 1053 Summary: connection tracker integration issue Product: conntrack-tools Version: unspecified Hardware: i386 OS: All Status: NEW Severity: critical Priority: P5 Component: conntrack-daemon Assignee:

Hi System debian 8.11 and dovecot-2.2.36.4 My webmail is roundcube with imapproxy. I have one problem. My dovecot servers is are in a cluster with keepalived like: dovecot1----VIP-IP--------dovecot2 All works fine I have a problem with imapproxy when a server dovecot1 had a problem (kernel panic sic!) Keepalived works perfecty and moved VIP to dovecot2 - all works fine for normal users but

Prior to upgrading to CentOS 7.4 everything was fine, after upgrade I'm seeing /etc/keepalived# keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console --log-detail --dump-conf -m -v Starting VRRP child process, pid=17224 Registering Kernel netlink reflector Registering Kernel netlink command channel Registering gratuitous ARP shared channel Opening file

Hi. I''m wondering if there''s a good way to configure a Linux firewall box to failover to a single backup server, while preserving connection state. This question has been asked before, but the latest reference I can find is from 2004, at which time Linux had no equivalent of OpenBSD''s pfsync, though Harald was said to be working on one. Did anything come of those

I have 2 firewall in HA with keepalived. Can I use active the same tinc configuration on 2 firewalls ? using tun Interface with same ip on all 2 nodes is a problem ? tun device advertise itself on the network having an IP/MAC pairs (ARP) or the IP is only used by the system internally for routing so using the same configuration is right ? so one firewall be active, the other is passive. With this

Is anyone successfully using dag's keepalived-1.1.10-1.1.el3.rf on centos 3.4? It's giving me some strange issues (LVS Topology never shows up, even though I can manually set it w/ ipvsadm) Attempting to rebuild it has been less than successful, as anyone who tries will see in their appropriate BUILD/keepalived-1.1.10/config.log and in the rpmbuild output. It complains about openssl

Hello, I get this error when trying to build Keepalived 1.2.1 on a CentOS-4 box: # gcc -g -O2 (..) -D_WITH_LVS_ -D_WITH_VRRP_ -c smtp.c In file included from ../include/vrrp.h:31, from ../include/smtp.h:34, from smtp.c:27: *../include/vrrp_ipaddress.h:32:27: linux/if_addr.h: No such file or directory* In file included from ../include/vrrp.h:31,

Hi all, We are investigating on firewall failover design. I have searched the net and found that projects like LVS have it mostly solved for their side but that netfilter lacks it. Of course, a simple failover of the firewall is available using things like VRRP (KeepAlive software) but without state syncronization, and that is preciselly the part we need to investigate. Is this issue

hello, all! if i want to use lvs function of keepalived , i must install ipvsadm ? tks! -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110308/b8e27203/attachment-0002.html>

Hey Guy's, A success story instead of a question. With your help, managed to get the HA component working with HAPROXY and keepalived to build a fairly resilient NFS v4 VM cluster. ( Used Gluster, NFS Ganesha v2.60, HAPROXY, keepalived w/ selinux enabled ) If someone needs or it could help your work, please PM me for the written up post or I could just post here if the lists allow it.