[Linux-HA] Re: Linux-HA Digest, Vol 47, Issue 102

Dejan Muhamedagic dejanmm at fastmail.fm
Thu Oct 25 12:36:57 MDT 2007


Hi,

On Thu, Oct 25, 2007 at 11:20:23AM -0400, Timothy Meader wrote:
> 
> >From: Dejan Muhamedagic <dejanmm at fastmail.fm>
> >Subject: Re: [Linux-HA] Setting Source IP for outgoing traffic?
> >To: General Linux-HA mailing list <linux-ha at lists.linux-ha.org>
> >Message-ID: <20071025104536.GA7013 at rondo.suse.de>
> >Content-Type: text/plain; charset=us-ascii
> >
> >Hi,
> >
> >On Wed, Oct 24, 2007 at 10:55:10PM -0400, Timothy Meader wrote:
> >> Hello, I'm having an issue that I'm hoping someone could provide me
> >> some help on. To give a brief synopsis of the situation:
> >>
> >> We originally had a single server setup running OSSEC. Last week, we
> >> decided to combine this server with another two that were running as
> >> a simple log server (in high availability fail-over mode using
> >> heartbeat) to make better use of the existing systems. The log server
> >> portion is running on the virtual IP xxx.xxx.xxx.7 on eth0:0, the
> >> OSSEC server is setup to run on a secondary virtual IP,
> >> xxx.xxx.xxx.29, on eth0:1. When running on a single server, OSSEC
> >> worked fine. But now, the clients refuse to communicate properly with
> >> the server.
> >>
> >> Using tcpdump, I tracked this communications problem down to the fact
> >> that the server response from OSSEC in the high availability setup is
> >> going back to the client with the ACTUAL address of eth0
> >> (xxx.xxx.xxx.17 or 18 depending on which of the two high-avail nodes
> >> it's currently running on). What I need is for the server response to
> >> come back to the client with the xxx.xxx.xxx.29 address as the
> >> source. I've investigated the "IPsrcaddr" script that comes with
> >> heartbeat, but unfortunately there are two issues that preclude me
> >> from using it, so I'm looking to iptables for a means to handle this.
> >
> >Why is it that you cannot use it? Could it be modified to fit?
> 
> Thanks for the reply. I've moved the OSSEC server to now use the same 
> virtual IP as the logging/NFS portion (x.x.x.7), so that hopefully 
> will make things slightly easier. This is doable presently because we 
> haven't deployed the OSSEC clients to any nodes outside our local 
> network yet, so it's relatively trivial for us at this stage to 
> change the OSSEC server address locally on each node's conf file. The 
> reason I can't use the IPsrcaddr script though (which I've seemingly 
> verified just now after testing), is that it doesn't seem to work for 
> any machines on the local subnet. We have about 20 nodes reporting in 
> to the OSSEC server currently, all on the same /26 range as the HA 
> server. For these machines, the following setup in the haresources 
> file doesn't seem to work properly (the traffic is still going out to 
> the clients on x.17 or x.18). Any further suggestions?

Took another look at the IPsrcaddr: what it does is change the
source address for the interface through which you have a default
route. Is that different from eth0?

You could also try to do this yourself

	ip route change to ... src <ip>

where ... stands for whatever you get from 'ip route show'.

> open-logger-1.my.domain IPaddr::xxx.xxx.xxx.7/26/eth0 IPsrcaddr::xxx.xxx.xxx.7 drbddisk::syslogs Filesystem::/dev/drbd0::/log::ext3 syslog-ng portmap nfs nfslock ossec httpd

Thanks,

Dejan

> Thanks
> 
> ---
> Tim Meader
> L-3 Communications, NASA EOS Security Operations
> Timothy.Meader at gsfc.nasa.gov
> (301) 614-6371 
> 
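As an added example (not code from the thread or from heartbeat's IPsrcaddr), the script below carries out the 'ip route change ... src <ip>' step suggested in the reply for both the default route and the directly connected /26 route, which is the case the poster reports IPsrcaddr leaves alone: replies to clients on the same subnet follow the connected route, so that route needs the src hint too. The addresses and the sample routing table are assumed placeholders for the xxx.xxx.xxx.7/26 on eth0 in the haresources line.

```shell
#!/bin/sh
# Added example, not from the thread or from heartbeat. Sets the preferred
# source address on BOTH the default route and the connected subnet route,
# so replies to same-subnet clients also leave with the virtual IP.
# Placeholder values for the xxx.xxx.xxx.7/26 on eth0 quoted above.
VIP="${VIP:-192.0.2.7}"
PREFIX="${PREFIX:-26}"
DEV="${DEV:-eth0}"

# Network prefix (e.g. 192.0.2.0/26) containing address $1 with length $2.
subnet_of() {
    ip4="$1"; len="$2"
    oifs="$IFS"; IFS=.; set -- $ip4; IFS="$oifs"
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    n=$(( n & mask ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# Read 'ip route show' text on stdin; print one 'ip route change' command
# for the default route and for the connected route of subnet $3, both on
# device $2, with the preferred source set to $1. Nothing is executed
# here, so the generated commands can be reviewed before use.
src_route_cmds() {
    awk -v vip="$1" -v dev="$2" -v net="$3" '
        $1 == net || $1 == "default" {
            if ($0 !~ ("dev " dev "( |$)")) next   # route on another interface
            line = $0
            sub(/ +src [^ ]+/, "", line)           # drop any existing src hint
            gsub(/  +/, " ", line)                 # collapse double spaces
            print "ip route change " line " src " vip
        }'
}

# Apply the commands on a live node (needs root and iproute2's ip).
apply_src_routes() {
    ip route show | src_route_cmds "$VIP" "$DEV" "$(subnet_of "$VIP" "$PREFIX")" |
    while read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1        # unquoted on purpose: the line is a command
    done
}

if [ "${1:-}" = apply ]; then apply_src_routes; fi
```

Run it as `sh script.sh apply` on the node that currently holds the VIP; after a failover the other node needs the same change, so it belongs in a resource script rather than being run by hand.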
