Hello Angelo,

What kinds of firewall rules do you have? Are you doing things like:

    FROM ip ... TO ... ALLOW tcp PORT 80
    FROM subnet ... TO ... ALLOW tcp PORT 80
    FROM any TO ... ALLOW tcp PORT 80

Or something more like:

    FROM all vms TO ... ALLOW tcp PORT 80
    FROM tag <name> TO ... ALLOW tcp PORT 80
    FROM vm <uuid> TO ... ALLOW tcp PORT 80

I would expect the first kind of rules to work, but not the second when using vrrp_primary_ip. The second set of rules take a look at the "ip" field on NICs, but the VRRP address.

- Cody

On Mon, May 15, 2017 at 6:02 PM, Brian Bennett <[email protected]> wrote:
> Have you set the vrrp_primary_ip and vrrp_vrid properties on the nics that
> you want to use with VRRP?
>
> --
> Brian Bennett
> Systems Engineer, Cloud Operations
> Joyent, Inc. | www.joyent.com
>
> On May 15, 2017, at 7:14 AM, Dr. Angelo Roussos <[email protected]>
> wrote:
>
> Hi All,
>
> We have a scenario where one of our hosts is set up to create fwadm rules in
> order to manage instance-level firewalling.
>
> HOWEVER, we have an issue with a customer who wants to deploy (and manage)
> their own HAProxy failover cluster.
>
> We have successfully tested this setup with no issues at all when the
> SmartOS host firewall is turned OFF, but we are unable to make this work
> when the host firewall is turned ON and administered through fwadm.
>
> Does fwadm/SmartOS host firewall support multicast – specifically, in this
> case, to allow for VRRP packets?
>
> Regards,
>
> Angelo.
