[lug] Heartbeat and Firewalls
Zan Lynx
zlynx at acm.org
Fri Jun 2 10:59:37 MDT 2006
On Thu, 2006-06-01 at 15:57 -0600, Dan Ferris wrote:
> Has anyone on the list ever set up a HA firewall using Linux and
> Heartbeat or keepalived?
[snip]
> And yes, I know that the state tracking data isn't replicated and we're willing to deal.
You know, I thought I read about some way to make that work, involving
having both systems up and running with the active IP and MAC address,
but the offline system has a DROP rule last in the output/forward
chains, and ARP response turned off. Supposed to keep the state info
updated on the backup unit. Can't do anything for the failed primary,
of course.
Not sure if it works since I haven't tried it.
--
Zan Lynx <zlynx at acm.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20060602/d062b0f9/attachment.pgp>
More information about the LUG
mailing list