Christophe Painchaud wrote:
> Hello,
>
> I managed to create a cluster of 2 firewalls that share their conntrack
> tables; but I've got a little problem/question:
>
> When I restart a node to simulate a failure, it won't request existing
> connections, it will only get new ones. I am forced to do a 'conntrackd
> -n' to resync it all. I tried to start conntrackd with 'conntrackd -d
> -n' or 'conntrackd -dn'. No success here. Is there a proper way to do
> this? Should I create a startup script that runs the -d command line, and
> then -n?

conntrackd does do this by itself, it needs the help of a failure
detector manager, e.g. keepalived. You have to include the conntrackd -n in
your scripts when the node hits backup state. Have a look at the doc/
directory inside the conntrack-tools.

--
"The honest are social misfits" -- Les Luthiers
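
As an added example (not part of the original thread and not one of the conntrack-tools doc/ scripts), here is a keepalived notify script that issues `conntrackd -n` when the node enters backup state, retrying in case the freshly restarted daemon is not yet accepting requests. The keepalived argument convention, the `CONNTRACKD`, `RETRIES` and `DELAY` variables, and the expectation that `conntrackd -n` exits non-zero when the daemon is unreachable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not taken from the conntrack-tools doc/ directory.
# Assumed: keepalived runs this as a `notify` script with
#   $1 = GROUP|INSTANCE, $2 = name, $3 = MASTER|BACKUP|FAULT
# CONNTRACKD, RETRIES and DELAY are hypothetical knobs of this sketch.
CONNTRACKD="${CONNTRACKD:-conntrackd}"
RETRIES="${RETRIES:-5}"
DELAY="${DELAY:-1}"

# Ask the peer for a full resync (conntrackd -n). The daemon may still be
# starting when keepalived reports BACKUP, so retry until the request is
# accepted. Returns 0 on success, 1 if every attempt failed.
request_resync() {
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        if $CONNTRACKD -n; then
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$DELAY"
    done
    return 1
}

# Dispatch on the reported state. Only BACKUP triggers the resync request;
# MASTER and FAULT handling is outside what the reply covers, so they are
# left as no-ops here.
on_state_change() {
    case "$1" in
        BACKUP|backup)
            request_resync || { echo "conntrackd resync failed" >&2; return 1; } ;;
        MASTER|master|FAULT|fault)
            return 0 ;;
        *)
            echo "unknown state: $1" >&2; return 2 ;;
    esac
}

# Act only when invoked with keepalived's three notify arguments.
if [ "$#" -eq 3 ]; then
    on_state_change "$3"
fi
```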