[Linux-HA] HA Firewall
North Country Boy
northcountryboy79 at hotmail.com
Thu Oct 25 15:23:38 MDT 2007
Ok ok, I admit. I don't get it!!!!
I am trying to config a simple HA firewall and it just isn't working how I had imagined.
Ok here is the deal.
The Firewall has two interfaces
1) Internal interface eth1 192.168.0.254
2) External Interface eth0 195.63.63.100, 195.63.63.101, 195.63.63.102
The plan would be that in the event of failure, these IP addresses as well as an iptables script would be brought online on the second box.
The story so far....
Because I am new to this, I wanted to take things nice and slowly and realise the full solution in stages so that I could learn & understand. I decided to test a simple failover with one ip just using the external interface.
I added a second NIC to both machines (node1 & node2) and got heartbeat working no problem. Using the version 1 haresources file, I added the following line:
node1 195.63.63.101
In the ha.cf file I added
ping 195.63.63.254 (an external router accessible by both nodes)
Also I added the ipfail command.
Ok so heartbeat all looks good so far, the new address 195.63.63.101 is added as eth1:0
Now I prevent access to the external router from node1; it recognises that it can no longer reach 195.63.63.254 in the logs, whilst node 2 says and does nothing. huh????
I thought that at this point, ipfail flags a failure and the failover process begins????
Coincidentally, pulling the heartbeat cable causes the failover to happen perfectly (which is nice to know).
So now I am left wondering... If my external eth0 card fails, this isn't enough to cause failover?
Now I am guessing 3 things. 1) I have missed the point 2) I have missed something obvious 3) One of you kind hearted souls can see which of the previous points is correct! :-)