
Redundant Firewall on CentOS 5.6 / RHEL

Discussion in 'Linux Networking' started by decond, Apr 19, 2012.

  1. decond

    decond Guest

    Hi Guys :)



    I have set up two servers with iptables and want them to have the same ip address on the wan and same on the lan side. I tried setting this up with heartbeat and it works. Got a link to fwbuilders, they had a heartbeat cluster example.

    My problem is that the heartbeat only "works" when the whole server is down/both links are down and not if only the wan link is down.
    My question is, is there some way I can make sure that my backup firewall is taking over the traffic when the wan link on the main firewall is down?

    One of my colleagues said something about changing the hostname to the wan ip in the heartbeat config, don't know if that's any useful info :)

    Hope you can help a struggling semi-noob.
     
  2. Akendo

    Akendo Guest

    Could you print some details here? We can't help that way. Some configuration is needed.

    so far
    akendo
     
  3. decond

    decond Guest

    Info

    Is this of any use?

    Net setup on FW01
    [[email protected] /]# ip -4 addr ls
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet XXX.XX.107.221/26 brd XXX.XX.107.255 scope global eth0
    inet XXX.XX.107.204/26 brd XXX.XX.107.255 scope global secondary eth0:0
    5: eth3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth3
    7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue
    inet 10.0.99.6/24 brd 10.0.99.255 scope global bond0
    inet 10.0.99.4/24 brd 10.0.99.255 scope global secondary bond0:0

    Setup on ha.cf
    deadtime 10
    warntime 5
    mcast eth0 225.0.0.1 694 1 0
    mcast bond0 225.0.0.1 694 1 0
    auto_failback on
    node fw01 fw02

    Setup on haresources
    fw01 IPaddr::XXX.XX.107.204/26/eth0/XXX.XX.107.255
    fw01 IPaddr::10.0.99.4/24/bond0/10.0.99.255
     
  4. Darwin

    Darwin Guest

    I kinda see what is going on here - your host will have an actual IP location that you can use to login from, eg 192.xxx.xxx/user:1010

    That can be found in your welcome email - try using that IP without the /user:1010 and see if you still have the same issue.
     
  5. decond

    decond Guest

    Sorry mate, I don't know what you are referring to :S
     
  6. Darwin

    Darwin Guest

    My bad, I did not read the question correctly. You are on a Wide Area Network which is firewalled? If that is the case it could be that there is so much security it is getting confused. The master WAN would have to be set via the host server if I am correct, it will be configured on the TCP/IP. I think this is the IP that your colleague is referring to. It should be the main IP for your network. Try that route.

    If your network has been configured to a host name such as blabla(dot)com it is that (dot)com that would have the necessary configuration to use.

    I don't know if that makes sense, I am cr*p at instructing, I would make the worst Live Support.

    Some info here may help http://www.linuxforums.org/forum/re...-firewall-server-centos-5-x-small-office.html
     
