On Thu, 4 Jun 2009, Kaushal Shriyan wrote:
> I got the below reply from the shorewall firewall mailing list.
>
>> From my own experiment for failover solution (not loadbalancing), it's much
>> better for you to play with keepalived, rather than linux HA. Reason: linux
>> HA tends to put the virtual IP on aliased interface; where keepalived puts
>> on the real interface. It's just a bit simpler to configure in shorewall.
>> And with keepalived, you can have shorewall runs on both nodes, while with
>> linux HA you have to make sure shorewall is turned on/off as the failover
>> kicks in (I may be wrong in this).
>
> Is there a Howto to setup failover solution for shorewall firewall
> using linux-ha or keepalived
> and also is there a mailing list for end users to discuss about keepalived.

with the default configuration they are right about needing to start/stop
however if you set net.ipv4.ip_nonlocal_bind=1 in /etc/sysctl.conf it will let
you run software that binds to interfaces that don't currently exist on the
it's still possible that shorewall won't work, but it's pretty likely to work
with this (they would have to do something like look at all the existing
interfaces at startup time and bind to those explicitly to still have problems)
Please read the documentation before posting - it's available at:
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
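
Added example, not part of the original message or of any project's code: a small Python check for a standby firewall node that reads the persisted and running value of net.ipv4.ip_nonlocal_bind and then tries to bind to an address the node does not currently hold. The sample sysctl.conf text and the address 192.0.2.10 (a documentation range standing in for the virtual IP) are constructed for illustration.

```python
import errno
import socket

KEY = "net.ipv4.ip_nonlocal_bind"

def persisted_value(conf_text, key=KEY):
    """Return the last value assigned to key in sysctl.conf-style text, or None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        name, sep, val = line.partition("=")
        if not sep:
            continue
        # sysctl accepts a leading '-' (ignore errors) and '/' as key separator
        if name.strip().lstrip("-").replace("/", ".") == key:
            value = val.strip()              # later assignments win
    return value

def runtime_value(path="/proc/sys/net/ipv4/ip_nonlocal_bind"):
    """Return the running kernel value as a string, or None if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def probe_bind(addr, port=0):
    """Try a TCP bind to addr: 'bound', 'not-available' or 'error:<errno>'."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((addr, port))
        return "bound"
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:  # address not held and nonlocal bind off
            return "not-available"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

# Constructed sample of /etc/sysctl.conf content
SAMPLE_CONF = """\
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 0
; override added for the failover pair
-net/ipv4/ip_nonlocal_bind=1
"""

if __name__ == "__main__":
    print("persisted:", persisted_value(SAMPLE_CONF))
    print("running:  ", runtime_value())
    print("bind test:", probe_bind("192.0.2.10"))  # constructed stand-in VIP
```

On a node where the running value is 0 and the address is not configured, the probe reports not-available; a persisted 1 with a running 0 means the file was edited but `sysctl -p` has not been run.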