[Linux-HA] HA Firewall

Dejan Muhamedagic dejanmm at fastmail.fm
Thu Nov 15 11:06:39 MST 2007


Hi,

On Thu, Nov 15, 2007 at 02:50:25PM +0000, North Country Boy wrote:
> Hi, Could you please repost. This is really unreadable. Thanks, Dejan 
>  
> Of course, many thanks in advance
>  
> --- original message ---
>  
> Ok ok, I admit. I don't get it!!!! I am trying to config a
> simple HA firewall and it just isn't working how I had
> imagined. Ok here is the deal. The Firewall has two interfaces:
>
> 1) Internal interface eth1 192.168.0.254
> 2) External Interface eth0 195.63.63.100, 195.63.63.101, 195.63.63.102
>
> The plan would be that in the event of failure, these IP
> addresses as well as an iptables script would be brought online
> on the second box.
>
> The story so far.... Because I am new to this, I wanted to take
> things nice and slowly and realise the full solution in stages
> so that I could learn & understand. I decided to test a simple
> failover with one IP just using the external interface. I added
> a second NIC to both machines (node1 & node2) and got heartbeat
> working no problem. Using the version 1 haresource file, I
> added the following line: node1 195.63.63.101. In the ha.cf file
> I added ping 195.63.63.254 (an external router accessible by
> both nodes). Also I added the ipfail command. Ok so heartbeat
> all looks good so far, the new address 195.63.63.101 is added
> as eth1:0

> Now I prevent access to the external router from
> node1, it recognises that it can no longer reach 195.63.63.254
> in the logs, whilst node 2 says and does nothing. huh???? I
> thought that at this point, ipfail flags a failure and the
> failover process begins????

Yes, it should.

> Coincidentally, pulling the
> heartbeat cable causes the failover to happen perfectly (which
> is nice to know). So now I am left wondering... If my external
> eth0 card fails, this isn't enough to cause failover?

Definitely it is.

> Now I am
> guessing 3 things. 1) I have missed the point 2) I have missed
> something obvious 3) One of you kind hearted souls can see
> which of the previous points is correct! :-)

Can't say. Your config looks OK. Could you provide the logs too?

Thanks,

Dejan

> node1 195.63.63.101

> _______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems

