Apologies, that last bit should say "but _not_ the VRRP address".

On Mon, May 15, 2017 at 6:11 PM, Cody Mello <[email protected]> wrote:
> Hello Angelo,
>
> What kinds of firewall rules do you have? Are you doing things like:
>
> FROM ip ... TO ... ALLOW tcp PORT 80
> FROM subnet ... TO ... ALLOW tcp PORT 80
> FROM any TO ... ALLOW tcp PORT 80
>
> Or something more like:
>
> FROM all vms TO ... ALLOW tcp PORT 80
> FROM tag <name> TO ... ALLOW tcp PORT 80
> FROM vm <uuid> TO ... ALLOW tcp PORT 80
>
> I would expect the first kind of rules to work, but not the second
> when using vrrp_primary_ip. The second set of rules take a look at the
> "ip" field on NICs, but the VRRP address.
>
> - Cody
>
> On Mon, May 15, 2017 at 6:02 PM, Brian Bennett <[email protected]>
> wrote:
>> Have you set the vrrp_primary_ip and vrrp_vrid properties on the nics that
>> you want to use with VRRP?
>>
>> --
>> Brian Bennett
>> Systems Engineer, Cloud Operations
>> Joyent, Inc. | www.joyent.com
>>
>> On May 15, 2017, at 7:14 AM, Dr. Angelo Roussos <[email protected]>
>> wrote:
>>
>> Hi All,
>>
>> We have a scenario where one of our hosts is set up to create fwadm rules in
>> order to manage instance-level firewalling.
>>
>> HOWEVER, we have an issue with a customer who wants to deploy (and manage)
>> their own HAProxy failover cluster.
>>
>> We have successfully tested this setup with no issues at all when the
>> SmartOS host firewall is turned OFF, but we are unable to make this work
>> when the host firewall is turned ON and administered through fwadm.
>>
>> Does fwadm/SmartOS host firewall support multicast – specifically, in this
>> case, to allow for VRRP packets?
>>
>> Regards,
>>
>> Angelo.
