similar to: Shorewall and keepalived

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

I am currently using shorewall on leaf-bering. I have set it up with keepalived to create a high availabilty firewall cluster. I have an odd question in regards to shorewall. Currently in production I have keepalived controlling shorewall starts and stops. If I remove this and leave shorewall running on the backup firewall, will I run into any problems with having the nat tables built out and

Hey guys, I'm trying to install keepalived 1.2.19 on a centos 6.5 machine. I did an install from source. And when I start keepalived this is what I'm seeing in the logs. It's reporting that the VRRP_Instance(VI_1) Now in FAULT state. Here's more of that log entry: Sep 29 12:06:58 USECLSNDMNRDBA Keepalived_vrrp[44943]: VRRP Instance = VI_1 Sep 29 12:06:58 USECLSNDMNRDBA

Hello, I get this error when trying to build Keepalived 1.2.1 on a CentOS-4 box: # gcc -g -O2 (..) -D_WITH_LVS_ -D_WITH_VRRP_ -c smtp.c In file included from ../include/vrrp.h:31, from ../include/smtp.h:34, from smtp.c:27: *../include/vrrp_ipaddress.h:32:27: linux/if_addr.h: No such file or directory* In file included from ../include/vrrp.h:31,

Prior to upgrading to CentOS 7.4 everything was fine, after upgrade I'm seeing /etc/keepalived# keepalived -f /etc/keepalived/keepalived.conf --dont-fork --log-console --log-detail --dump-conf -m -v Starting VRRP child process, pid=17224 Registering Kernel netlink reflector Registering Kernel netlink command channel Registering gratuitous ARP shared channel Opening file

Hello all. I''m about to set up a new firewall on an old 400 MHz K6-2 machine. What is the recommended, or most common way to go about it? I was thinking of doing a MINIMUM install of RedHat 8 (the option where they actually say "used for setting up things like firewalls") and then installing shorewall on top of that. Would this leave me with anything crucial missing in my

Hi, I´m trying use conntrackd, shorewall and keepalived. Conntrackd (now know as conntrack-tools) is working ok, keepalived too, but i don´t know how to put some iptables rules in shorewall. eth0 is the local area (192.168.0.0/24) eth1 is the net area (192.168.1.0/24) [1] iptables -P FORWARD DROP [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED - j ACCEPT [3] iptables -A

Em 29-09-2015 15:03, Gordon Messmer escreveu: > On 09/29/2015 09:14 AM, Tim Dunphy wrote: >> And if I do an ifconfig command I see no evidence of an eth1 existing. > > "ifconfig -a" will show you all of your interfaces. Maybe there is a confusion here. Sounds like Tim thought keepalived would create that eth1, like a tunnel interface, but it won't. You have to

https://bugzilla.netfilter.org/show_bug.cgi?id=1053 Bug ID: 1053 Summary: connection tracker integration issue Product: conntrack-tools Version: unspecified Hardware: i386 OS: All Status: NEW Severity: critical Priority: P5 Component: conntrack-daemon Assignee:

Hi all, We are investigating on firewall failover design. I have searched the net and found that projects like LVS have it mostly solved for their side but that netfilter lacks it. Of course, a simple failover of the firewall is available using things like VRRP (KeepAlive software) but without state syncronization, and that is preciselly the part we need to investigate. Is this issue

hi i''ve not found many hints on shorewall/ucarp/conntrackd topic. i''m sharing this with the list, so that i''m able to search and find it the next time. :) i''ve setup 2 identical systems with shorewall, ucarp and conntrackd in an active/backup way. ucarp just calls ifup/ifdown, all network configuration is maintained in /etc/network/interfaces (Debian),

When shorewall starts up does it completely flush any other iptables rule sets or nat entries that are already in there? Or Can I run two instances of shorewall each loading a different set of rules and a different set of IP addresses in the NAT table and have each one only control what it adds?

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

On 09/29/2015 09:14 AM, Tim Dunphy wrote: > And if I do an ifconfig command I see no evidence of an eth1 existing. "ifconfig -a" will show you all of your interfaces.

CentOS Errata and Enhancement Advisory 2015:0703 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0703.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 893386b534fbeda5a2f1702fab60cc087b037ece82635bb316c3e13fb5856e83 keepalived-1.2.13-5.el6_6.i686.rpm x86_64:

Is anyone successfully using dag's keepalived-1.1.10-1.1.el3.rf on centos 3.4? It's giving me some strange issues (LVS Topology never shows up, even though I can manually set it w/ ipvsadm) Attempting to rebuild it has been less than successful, as anyone who tries will see in their appropriate BUILD/keepalived-1.1.10/config.log and in the rpmbuild output. It complains about openssl

Dear All, After installing Shorewall, on a router with 4 NIC, seems running ok. Next day, when connecting from clients, (MS) we keep getting ip conflict for non-conflicting ip addresses. Any help is appreciated. Detals of Startup: + shift + nolock= + ''['' 1 -gt 1 '']'' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start +

Hello, We are using CentOS 6.6 and keepalived 1.2.13 on two servers for failover, no load-balancing. Failover is governed by the NIC being present, and the Apache and Tomcat processes being present. Both servers are configured as 'EQUAL' (not master/backup). An initial priority of 100 is set, and if a process or NIC fails, then this is reduced by 60 - causing a lower priority to be seen

CentOS Errata and Bugfix Advisory 2017:1305 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1305.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 14c601eb6b4c0822d34a1d0b1feaca81c00f8dd95c1b4ea6a5dfd9d504185c25 keepalived-1.2.13-9.el7_3.x86_64.rpm Source:

CentOS Errata and Bugfix Advisory 2019:1877 Upstream details at : https://access.redhat.com/errata/RHBA-2019:1877 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 259a12a1d3cd1c507dcfbd58d6d6fc63113a2e4ed7c1f5b061526d2426712b5c keepalived-1.3.5-8.el7_6.5.x86_64.rpm Source: