On Thu, 2007-10-25 at 22:23 +0100, North Country Boy wrote: > Ok ok, I admit. I dont get it!!!! > > I am trying to config a simple HA firewall and it just isnt working to how I > had imagined. > > Ok here is the deal. > > The Firewall has two interfaces > > 1) Internal interface eth1 192.168.0.254 > > 2) External Interface eth0 195.63.63.100, 195.63.63.101, 195.63.63.102 > > The plan would be that in the event of failure, these IP addresses as well as > an iptables script would be brought online on the second box. > > The story so far.... > > Because I am new to this, I wanted to take things nice and slowly and realise > the full solution in stages so that I could learn & understand. I decided to > test a simple failover with one ip just using the external interface. > > I added a second nic to both machines (node1 & node2) and got heartbeat > working no problem. Using the verison 1 haresource file, I added the > following line > > node1 195.63.63.101 > > In the ha.cf file I added > > ping 195.63.63.254 (an external router accessible by both nodes) > > Also I added the ipfail command. > > Ok so heartbeat all looks good so far, the new address 195.63.63.101 is added > as eth1:0 > > No I prevent access to the external router from node1, it recognises that it > can no longer reach 195.63.63.254 in the logs, whilst node 2 says and does > nothing. huh???? > I thought that at this point, ipfail flags a failure and the failover process > begins???? > > Conicidentally, pulling the heartbeat cable causes the failover to happen > perfectly (which is nice to know). > > So now I am left wondering... If my external eth0 card fails, this isnt > enough to cause failover?
Yes, if things are configured correctly. I have been dealing with v2 only, so I won't be able to help you with your configs, but I did play with v1 a tiny bit and I remember ipfail working fine. Speaking of configs, you should post your ha.cf and haresources files along with logs. I believe the list prefers attachments rather than inline. [...] -- Matt Zagrabelny - [EMAIL PROTECTED] - (218) 726 8844 University of Minnesota Duluth Information Technology Systems & Services PGP key 1024D/84E22DA2 2005-11-07 Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2 He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
