On Saturday, 26 December 2009 12:22:47, Eric Renfro wrote:
> Michael Schwartzkopff wrote:
> > On Saturday, 26 December 2009 08:12:49, Eric Renfro wrote:
> >> Hello,
> >>
> >> I'm trying to set up 2 nodes that'll run pacemaker with openais as the
> >> communication layer. Ideally what I want is for router1 to be the master
> >> node and take over for router2 if it comes back up fully functional
> >> again. In my setup, the routers are both internet-facing servers that
> >> toggle the external internet IP to whichever controls it at the time,
> >> and also handles the internal IP for the gateway for internal systems to
> >> route via.
> >>
> >> My problem is with Route in my setup, so far, and later getting
> >> shorewall to start/stop per whichever node's active.
> >>
> >> Route, in my case in the setup I will show below, is failing to start
> >> initially because I presume the internet IP address is not fully
> >> initialized at the time it's trying to enable the route. If I do a crm
> >> resource cleanup failover-gw, it brings it up just fine. If I try to
> >> move the router_cluster resource to router2 from router1 after it's
> >> fully up, it fails because of failover-gw on router2.
> >
> > (...)
> >
> > If you just want to create a HA firewall why do you need to switch the
> > routing? Do you know my HOWTO for a HA firewall
> > (www.multinet.de/HAFirewall) ? I am just switching the ip_forward in the
> > kernel.
> >
> > Greetings,
>
> Well, it's not technically just a HA firewall. What I'm doing is making
> two routers that are facing the internet directly and providing a
> default route point IP (hence, 192.168.0.1), which is why the routes
> need to change as a result. Having the internet IP up on both computers
> tends to cause IP conflicts, correct?

Yes, should do so. Especially in routing packages back.

> Though it was weird, when I tried
> this with keepalived, both had the internet IP up fully while just
> passing the internal IP, 192.168.0.1, without any noticeable problem.

I don't know how keepalive can cope with two identical IP addresses in a network. What MAC address does your internet router get when asking for that IP?

> I'm on business class with Brighthouse Business, and they have my router
> set up in bridged mode.

Bridged mode would also be an option, but a full-blown router is better. Think of dynamic routing, netfilter possibilities, ...

> I'm about to try out what you said in the previous email. I'm also on
> IRC freenode #linux-ha and #linux-cluster presently too, but I don't
> mind using the mailing list, perhaps the discussion will help others in
> the future anyway as well. ;)

I have seen your discussion on the channel. I did not follow it to the end (lunchtime here). Did you find a solution?

By the way (about classes):
https://www.gurulabs.com/linux-training/courses/GL640/
;-)

Greetings,

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75
mail: mi...@multinet.de
web: www.multinet.de

Registered office: 85630 Grasbrunn
Court of registration: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens
---
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

_______________________________________________
Pacemaker mailing list
Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker