Graeme Fowler wrote: > On Sun, 2007-07-29 at 10:55 -0400, Gerry Reno wrote: > >> I was hoping someone could tell me. I just brought up the firewalls on >> the directors and instant split brain. What port/protocol do the >> directors use to communicate with each other? >> > > Keepalived uses VRRP - you can search for the relevant RFC yourself for > the nitty gritty (or follow the links on keepalived.org). > > If you have two directors, DIP1 and DIP2 then use a rule of the form: > > on DIP1: > iptables -A INPUT -s $DIP2 -j ACCEPT > > on DIP2: > iptables -A INPUT -s $DIP1 -j ACCEPT > > Or the same rule on both to accept VRRP: > > iptables -A INPUT -d 224.0.0.18/32 -j ACCEPT > > If you've modified your mcast_src_address in keepalived.conf, use that > IP instead. > > Graeme > > Ok, I added this to both firewalls: iptables -A RH-Firewall-1-INPUT -d 224.0.0.18/32 -j ACCEPT # RH/Fedora version
saved and restarted both director firewalls but still have the split brain. ???? _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
