[Linux-HA] heartbeat for iptables FW

Gary W. Smith gary at primeexalia.com
Mon Feb 6 15:35:55 MST 2006

That's more of a netfilter question than an HA question, but I will give
it a shot.  Assuming that you have a dedicated heartbeat interface, you
would do something like:

# Assuming eth1 is your heartbeat interface
HB=eth1
# You would also want to put this somewhere before your DROP
# rules.  Built-in chain names are case-sensitive (INPUT, OUTPUT).
iptables -A INPUT -i $HB -j ACCEPT
iptables -A OUTPUT -o $HB -j ACCEPT

If you are using a shared interface, which I wouldn't recommend, you
would want to do something like:
HBPORT=694 # use your actual port that is in your HA config file.
# heartbeat's bcast traffic is UDP, so match udp rather than tcp
iptables -A INPUT -i $HB -p udp -m udp --dport $HBPORT -j ACCEPT
iptables -A OUTPUT -o $HB -j ACCEPT

> -----Original Message-----
> From: linux-ha-bounces at lists.linux-ha.org [mailto:linux-ha-
> bounces at lists.linux-ha.org] On Behalf Of Norman Maurer
> Sent: Monday, February 06, 2006 11:10 AM
> To: linux-ha at lists.linux-ha.org
> Subject: [Linux-HA] heartbeat for iptables FW
> Hi guys,
> we use HA + DRBD on a few servers to get failover working. It works
> really nicely.
> But now we want to use it to get 2 firewalls as an active-passive
> solution. But when Heartbeat is started and the firewall gets started,
> heartbeat has problems sending the broadcast. I always get "send bcast
> not permitted" in the syslog. What's the problem? What things do I have
> to allow on the firewall to not get this error?
> bye

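Added example (not part of the original post or of heartbeat): a rule-order check for the "put this before your DROP rules" advice above, since a DROP that precedes the heartbeat ACCEPT in OUTPUT is one way to end up with "send bcast not permitted". The function name first_verdict and both rule sets are constructed for illustration; eth1 and port 694 are taken from the reply.

```shell
#!/bin/sh
# first_verdict CHAIN IFACE PORT
# Reads `iptables -S` output on stdin and prints the target of the first rule
# in CHAIN that matches UDP heartbeat traffic on IFACE/PORT, or POLICY:<x>
# when no rule matches. Simplification (assumption of this example): only
# -i/-o, -p, -m udp, --dport, -j and --reject-with are understood; a rule
# using any other match, or "!" negation, is skipped.
first_verdict() {
    awk -v chain="$1" -v ifc="$2" -v port="$3" '
    BEGIN { flag = (chain == "INPUT") ? "-i" : "-o" }
    $1 == "-P" && $2 == chain { policy = $3 }
    $1 == "-A" && $2 == chain {
        hit = 1; target = ""
        for (n = 3; n < NF; n += 2) {
            opt = $n; val = $(n + 1)
            if      (opt == flag)      { if (val != ifc)   hit = 0 }
            else if (opt == "-p")      { if (val != "udp") hit = 0 }
            else if (opt == "--dport") { if (val != port)  hit = 0 }
            else if (opt == "-j")      { target = val }
            else if (opt == "-m" && val == "udp") { }
            else if (opt == "--reject-with")      { }
            else                       { hit = 0 }  # unrecognised match: skip
        }
        if (hit && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY:" policy }'
}

# Constructed sample: a blanket DROP sits ahead of the heartbeat ACCEPT.
BAD_RULES='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -i eth1 -p udp -m udp --dport 694 -j ACCEPT
-A OUTPUT -o eth1 -j DROP
-A OUTPUT -o eth1 -p udp -m udp --dport 694 -j ACCEPT'

# Constructed sample: the heartbeat ACCEPT comes first.
GOOD_RULES='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -i eth1 -p udp -m udp --dport 694 -j ACCEPT
-A OUTPUT -o eth1 -p udp -m udp --dport 694 -j ACCEPT
-A OUTPUT -o eth1 -j DROP'

for name in BAD GOOD; do
    eval "rules=\$${name}_RULES"
    for chain in INPUT OUTPUT; do
        printf '%s %s: %s\n' "$name" "$chain" \
            "$(printf '%s\n' "$rules" | first_verdict "$chain" eth1 694)"
    done
done
```

On a live firewall the same function can be fed from `iptables -S` (run as root) instead of the sample strings.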