Hi there!

With the last package I got of conntrack-tools I see some config files and shell scripts supposed to work in an active/active firewall cluster. Configuration files for keepalived are included.

I have configured my system in the way I guess it may work, but have some doubts about the configuration and the system isn't working at all.

Some issues:

· I think keepalived should give both nodes both IPV resources, so the load balancing can be successfully done with iptables (as seen in multiprimary.sh)
· With the given configuration, Keepalived sometimes gives IPV resources to just one node, the other remains inactive and seems like a passive-backup node.
· In some cases, I have both nodes with both IPV resources, but it seems that some misconfiguration in iptables DROPs packages needed by client connections through the firewall. Maybe conntrackd is not working properly in state replication?

If anyone gives me some clues I could just write some documentation regarding this configuration, maybe with a little explanation of protocols and tools being implied. Or is there already some documentation?

As you can see, right now I'm working in a non-production environment, but with more investigation and development all can be done. I'm really interested in this.

Best regards!
--
/* Arturo Borrero Gonzalez || cer.inet@xxxxxxxxxxxxx */
/* Use debian gnu/linux! Best OS ever! */