On 27/07/10 17:02, Steven Whitehouse wrote:
> Hi,
>
> On Tue, 2010-07-27 at 16:30 +0100, Mark Watts wrote:
>> I have a working CentOS 5.5/RHCS cluster in order to support a simple
>> GFS2 filesystem (on top of DRBD) between 2 nodes.
>>
>> Since the two nodes have multiple network interfaces, I'd like to tie
>> all cluster communication to ETH2 as ETH0 is my production-facing interface.
>>
>> I understand I can partially achieve this by using a hostname mapped
>> (via /etc/hosts) to the IP address of ETH2 in cluster.conf.
>> This seems to work for OpenAIS; the multicast address it uses is bound
>> to eth2 according to "ip maddress show dev eth2", but ccsd is still
>> listening on 0.0.0.0 for various ports according to netstat.
>>
>> How can I force ccsd to use ETH2?
>>
>> Regards,
>>
>> Mark.
>
> Assuming that you have different subnets on the interfaces, setting the
> routing table correctly should be enough. Just be careful that any names
> which are being resolved point to the correct ip addresses.
>
> If you don't have a different subnet, you can still do it if you mark
> the traffic with iptables and route according to the mark.
>
> You may need multiple routing tables (again depending on the exact
> configuration) and a couple of routing rules to ensure that replies are
> always sent out of the same interfaces on which the queries came in on.
>
> Steve.

Well, my interfaces are set up as follows:

ETH0 192.168.1.1/24
ETH2 172.16.1.1/24

cluster.conf references "node1.cluster" which is in /etc/hosts as
172.16.1.1 (node2.cluster follows as .2)

I have no explicit routing on the box, other than a default gateway out
on ETH3's subnet, which is different to the two I've listed.

I suppose my main issue is that I don't want to expose anything other
than TCP/80 on ETH0. Usually I'd do this as a combination of binding
services to specific IPs and doing both inbound and outbound iptables
rules for each interface.
These would typically cover every service/port that I'd use, but
multicast makes this a slightly different beast.

Not having done iptables rules for multicast before, I'm a little wary
of doing something without fully understanding how something works
before I firewall it!

Regards,

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, IPR Secure Managed Hosting
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
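
The interface-scoped policy asked about above (only TCP/80 on ETH0, cluster traffic confined to ETH2, multicast included), sketched as an added example that is not part of the original thread. The function name is hypothetical, the port numbers are assumed RHEL 5 Cluster Suite defaults that should be confirmed with netstat on the nodes, and DRBD's replication port is site-specific and left out.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset.
# ASSUMPTION: ports below are the RHEL 5 Cluster Suite defaults; verify them
# with netstat before loading. DRBD's port is set per resource in drbd.conf;
# append it to clus_tcp.
gen_rules() {
    prod_if=$1 clus_if=$2 clus_net=$3
    # Refuse to build a policy if arguments are missing or interfaces overlap.
    [ -n "$clus_net" ] && [ "$prod_if" != "$clus_if" ] || return 1
    ais_udp=5404,5405                  # openais/cman totem traffic
    clus_tcp=21064,50006,50008,50009   # dlm and ccsd
    ccsd_udp=50007                     # ccsd
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $prod_if -p tcp --dport 80 -m state --state NEW -j ACCEPT
# A peer's multicast datagram has the peer's unicast address as source and
# the group as destination, so conntrack sees it as NEW, never ESTABLISHED.
# Match on interface + source + port and leave the destination open so the
# same rule covers multicast and unicast totem packets.
-A INPUT -i $clus_if -s $clus_net -p igmp -j ACCEPT
-A INPUT -i $clus_if -s $clus_net -p udp -m multiport --dports $ais_udp -j ACCEPT
-A INPUT -i $clus_if -s $clus_net -p tcp -m multiport --dports $clus_tcp -j ACCEPT
-A INPUT -i $clus_if -s $clus_net -p udp --dport $ccsd_udp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $clus_if -j ACCEPT
# Anything cluster-related that tries to leave by another interface is dropped.
-A OUTPUT -p udp -m multiport --dports $ais_udp,$ccsd_udp -j DROP
-A OUTPUT -p tcp -m multiport --dports $clus_tcp -j DROP
COMMIT
EOF
}

# Values taken from the message above: ETH0 production, ETH2 on 172.16.1.0/24.
gen_rules eth0 eth2 172.16.1.0/24
```

Piping the output through `iptables-restore --test` checks the syntax without loading the rules.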