On Thu, 4 Jun 2009, Kaushal Shriyan wrote:

> Hi,
>
> I got the below reply from the shorewall firewall mailing list.
>
>> From my own experiment for failover solution (not loadbalancing), it's much
>> better for you to play with keepalived, rather than linux HA. Reason: linux
>> HA tends to put the virtual IP on aliased interface; where keepalived puts
>> on the real interface. It's just a bit simpler to configure in shorewall.
>> And with keepalived, you can have shorewall runs on both nodes, while with
>> linux HA you have to make sure shorewall is turned on/off as the failover
>> kicks in (I may be wrong in this).
>
> Is there a Howto to setup failover solution for shorewall firewall
> using linux-ha or keepalived
> and also is there a mailing list for end users to discuss about keepalived.

With the default configuration they are right about needing to start/stop shorewall. However, if you set

net.ipv4.ip_nonlocal_bind=1

in /etc/sysctl.conf it will let you run software that binds to interfaces that don't currently exist on the system.

It's still possible that shorewall won't work, but it's pretty likely to work with this (they would have to do something like look at all the existing interfaces at startup time and bind to those explicitly to still have problems).

David Lang

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
