Re: [Cooker-firewall] firewall cluster

2001-04-24 Thread philippe Libat 

Martins, Joao a écrit :
 
 I would like do Firewall Cluster, is it possible?
 And what software(Beowulf, Heartbeat , Piranha, etc...) ?
 
 []´s
 João Martins
 ATT L.A


Hi,

Yes you can build a firewall cluster based on Mandrake CookerFirewall
with the following rpm:

vrrpd ( Virtual router redundancy protocol )
or
ipvsadm ( Virtual server ) 
heartbeat and mon, see the good site (
http://www.linuxvirtualserver.org/HighAvailability.html )

You can find those rpm on the cooker-firewall distrib.

But for the moment, the cluster configuration process is not included in
the Web admin tool.

any ideas are welcomed depending on your needs
-- 
Philippe Libat [EMAIL PROTECTED]
Linux-Mandrake  http://www.linux-mandrake.com
_
Think Different, Think Linux

RE: [Cooker-firewall] Port forwarding problem with RC1

2001-04-24 Thread Michael Segulja 

Actually, I found out what the problem was.  First,
/etc/rc.d/init.d/iptoip starts, and then /etc/rc.d/init.d/lvs starts,
and writes over what iptoip did.  I just got rid of lvs and it works
fine now.

 -Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent:   Thursday, April 19, 2001 9:50 AM
To: [EMAIL PROTECTED]
Subject:Re: [Cooker-firewall] Port forwarding problem with RC1

Michael Segulja [EMAIL PROTECTED] writes:

 I just downloaded RC1, mainly because I was hoping it would fix the
 problems I had with forwarding ports to my servers on the protected
LAN.
 It still doesn't work.  When the firewall boots, I see the message
that
 ipvsadm is applying the rules from /etc/iptoip.xml, and then right
after
 that it says it's using /etc/sysconfig/lvs.  The iptoip.xml file is
 correct, and has the correct information in it, but it seems
 /etc/sysconfig/lvs is overriding iptoip.xml because there are no port
 forwarding rules when I do ipvsadm -L.
 

Hi there,

I don't where did you download the iso from but I'm trying here this on
the RC1 and the port forwarding look to be working fine. The ipvsadm -L
shows the TCP forwarding just fine. 

[root@testpc /root]# ipvsadm -Ln
IP Virtual Server version 1.0.6 (size=4096)
Prot LocalAddress:Port Scheduler Flags 
  - RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  192.168.1.178:80 wlc
  - 192.168.2.84:80Masq1  0  0 


my firewall is here 192.168.1.178 (external network and internal one
192.168.2.178) and 192.168.2.84 is test client.

from the 192.168.1.0 network (other pc, of course) I can type:
links 192.168.1.178 and I get the 192.168.2.84 for the welcome page.

Maybe you have done an upgrade. I did a new install, from scratch, here.


cheers,
-- 
Florin  http://www.mandrakesoft.com

[Cooker-firewall] dyndns service

2001-04-24 Thread Phil Morden 

In the /var/lib/naat/configuration file there are previsions for putting in 
your DYNDNS Account information.  Does this work if I install the 
ez-ipupdate rpm?
Thanks.
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.