On Thursday 14 October 2010 22:20:08 Luana C. Rocha wrote:
> Hi,
>
> I've configured two Ubuntu 10.04 x64 Kernel 2.6.32-21 with pacemaker and
> heartbeat as my network gateway, both active sharing the same IP address.
> If I point the client machines gateway to the real IP of one of the
> machines in the cluster, everything works perfectly (I've tested using
> the real IP of both machines in the cluster).
> If I point the client machines gateway to the virtual IP shared between
> the servers in the cluster, I can't access anything, even when all
> iptables rules are allowing the traffic.
> I can use the virtual IP to connect to resources available in the
> cluster machines like ssh (of course in this case I can't predict which
> machine will answer, but it works). Seems like the problem is in the
> packet forward.
> With tcpdump I can see the package arriving in the local interface but
> I can't see the package in the external interface.
> The parameter net.ipv4.ip_forward is set to 1 in the /etc/sysctl.conf.
> I've transcribed my configuration below. Can someone point me what is
> wrong?
(...)

Hi,

as far as I understood your post you want to create a HA firewall sharing the load between both nodes. Am I right?

The problem is that the CLUSTERIP target is only valid for the INPUT chain, not for the FORWARD chain. So it is not possible to set up a load sharing firewall with both nodes active.

But a HA firewall works perfectly in an active/passive setup. One node is capable of firewalling 1 GBit/s or more traffic.

Greetings,

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98

_______________________________________________
Pacemaker mailing list: [email protected]
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
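
Added example, not part of the original messages: a small audit of `iptables-save` output that lists CLUSTERIP rules by chain, so a gateway setup like the one described can be checked against the reply's point that CLUSTERIP applies to INPUT and not to FORWARD. The sample ruleset, its addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (documentation addresses).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 192.0.2.10/32 -i eth0 -j CLUSTERIP --new --hashmode sourceip-sourceport --clustermac 01:00:5E:00:02:0A --total-nodes 2 --local-node 1
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
"""

def _value(tokens, flag):
    """Return the token that follows flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def clusterip_rules(ruleset):
    """Extract every rule whose jump target is CLUSTERIP, with its chain."""
    rules = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue  # table headers, chain policies, COMMIT
        if _value(tokens, "-j") != "CLUSTERIP":
            continue
        rules.append({
            "chain": tokens[1],
            "vip": _value(tokens, "-d"),
            "total_nodes": int(_value(tokens, "--total-nodes") or 0),
            "local_node": int(_value(tokens, "--local-node") or 0),
        })
    return rules

def forwarded_traffic_uncovered(ruleset):
    """True when CLUSTERIP is in use but only outside the FORWARD chain.

    Per the reply above, such a node shares locally delivered traffic
    (INPUT) but cannot act as a load-sharing gateway for routed traffic.
    """
    rules = clusterip_rules(ruleset)
    return bool(rules) and all(r["chain"] != "FORWARD" for r in rules)

if __name__ == "__main__":
    for r in clusterip_rules(SAMPLE):
        print(f"{r['chain']}: {r['vip']} node {r['local_node']}/{r['total_nodes']}")
    if forwarded_traffic_uncovered(SAMPLE):
        print("CLUSTERIP present in INPUT only: use active/passive for the gateway IP")
```

On a live node, pass the real output of `iptables-save` to the two functions instead of `SAMPLE`.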
