Am Freitag, 5. Juni 2009 06:05:36 schrieb Kaushal Shriyan: > Hi, > > I got the below reply from the shorewall firewall mailing list. > > >From my own experiment for failover solution (not loadbalancing), it's > > much > > better for you to > > >play with keepalived, rather than linux HA. Reason: linux HA tends to put > > the virtual IP on > > >aliased interface; where keepalived puts on the real interface. It's just > > a > > bit simpler to configure > > >in shorewall. And with keepalived, you can have shorewall runs on both > > nodes, while with linux > > >HA you have to make sure shorewall is turned on/off as the failover kicks > > in (I may be wrong in > > >this).
Yes, he is wrong. In my HOWTO, just forwarding is switched. The policy is in place always. > Is there a Howto to setup failover solution for shorewall firewall > using linux-ha or keepalived. which one is the ideal solution. > > Please pitch in with comments/suggestions. > > Thanks, > > Kaushal. I do not know about shorewall and I do not know about keepalived. First of all, I would define my needs and only then look for the correct programs to use: - config by GUI or by scripts? -> GUI needs fwbuilder - Failover with connction tables synced? -> Need conntrackd - PERSONAL PREFERENCES in cluster software: Linux-HA OR keepalived. I also could offer to help you with the setup. Michael. _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
