|
Graeme Fowler wrote:
> On Sun, 2007-07-29 at 10:55 -0400, Gerry Reno wrote:
>
>> I was hoping someone could tell me. I just brought up the firewalls on
>> the directors and instant split brain. What port/protocol do the
>> directors use to communicate with each other?
>>
>
> Keepalived uses VRRP - you can search for the relevant RFC yourself for
> the nitty gritty (or follow the links on keepalived.org).
>
> If you have two directors, DIP1 and DIP2 then use a rule of the form:
>
> on DIP1:
> iptables -A INPUT -s $DIP2 -j ACCEPT
>
> on DIP2:
> iptables -A INPUT -s $DIP1 -j ACCEPT
>
> Or the same rule on both to accept VRRP:
>
> iptables -A INPUT -d 224.0.0.18/32 -j ACCEPT
>
> If you've modified your mcast_src_address in keepalived.conf, use that
> IP instead.
>
> Graeme
>
>
Ok, I added this to both firewalls:
iptables -A RH-Firewall-1-INPUT -d 224.0.0.18/32 -j ACCEPT # RH/Fedora
version
saved and restarted both director firewalls but still have the split brain.
????
|
