Ok ok, I admit.  I don't get it!!!!
 
I am trying to config a simple HA firewall and it just isn't working how I 
had imagined.
 
Ok here is the deal.
 
The Firewall has two interfaces
 
1) Internal interface eth1 192.168.0.254
 
2) External Interface eth0  195.63.63.100, 195.63.63.101, 195.63.63.102
 
The plan would be that in the event of failure, these IP addresses as well as 
an iptables script would be brought online on the second box.
 
The story so far....
 
Because I am new to this, I wanted to take things nice and slowly and realise 
the full solution in stages so that I could learn & understand.  I decided to 
test a simple failover with one ip just using the external interface.
 
I added a second NIC to both machines (node1 & node2) and got heartbeat working 
no problem.  Using the version 1 haresources file, I added the following line
 
node1 195.63.63.101
 
In the ha.cf file I added
 
ping 195.63.63.254  (an external router accessible by both nodes)
 
Also I added the ipfail command.
 
Ok so heartbeat all looks good so far, the new address 195.63.63.101 is added 
as eth1:0 
 
Now I prevent access to the external router from node1, it recognises that it 
can no longer reach 195.63.63.254 in the logs, whilst node 2 says and does 
nothing. huh????
I thought that at this point, ipfail flags a failure and the failover process 
begins????
 
Coincidentally, pulling the heartbeat cable causes the failover to happen 
perfectly (which is nice to know).
 
So now I am left wondering...  If my external eth0 card fails, this isn't enough 
to cause failover?
 
Now I am guessing 3 things.  1) I have missed the point 2) I have missed 
something obvious 3) One of you kind hearted souls can see which of the 
previous points is correct! :-)
 
 