On Mon, 17 Jul 2000, Derek Martin wrote:
> Sure, but it hardly matters, since if this is a firewall and your tcp/ip
> stack has gone south, then you're still dead, because you won't be routing
> packets!
For that matter, if your TCP/IP stack has gone south, odds are the rest of
the kernel proba
On Mon, 17 Jul 2000 [EMAIL PROTECTED] wrote:
> In a situation where there was issue, bug, exploit, in the tcp/ip stack
> which caused ip communication to go dead then serial line communication
> may also be affected, because the Heartbeat Package uses an UDP
> Heartbeat over ppp when a serial con
In a situation where there was issue, bug, exploit, in the tcp/ip stack
which caused ip communication to go dead then serial line communication
may also be affected, because the Heartbeat Package uses an UDP
Heartbeat over ppp when a serial connection is used.
I don't really know if this is the ca
On Mon, 17 Jul 2000, Paul Lussier wrote:
>
> In a message dated: Mon, 17 Jul 2000 01:27:31 EDT
> Derek Martin said:
>
> >What makes you think this? Heartbeat specifically states that heartbeat
> >ethernets should be *dedicated* (as does our documentation, I believe)
> >which should prevent tha
In a message dated: Mon, 17 Jul 2000 01:27:31 EDT
Derek Martin said:
>It's just not an issue, in the case of a firewall machine. Using shared
>SCSI only makes sense if you have shared data. Kimberlite is a great,
>reletively inexpensive HA solution, but it's overkill for a redundant
>firewall.
In a message dated: Mon, 17 Jul 2000 01:27:31 EDT
Derek Martin said:
>What makes you think this? Heartbeat specifically states that heartbeat
>ethernets should be *dedicated* (as does our documentation, I believe)
>which should prevent that scenario, so if you failed miserably to follow
>direct
On Mon, 17 Jul 2000, Derek Martin wrote:
>
> What makes you think this? Heartbeat specifically states that heartbeat
> ethernets should be *dedicated* (as does our documentation, I believe)
> which should prevent that scenario, so if you failed miserably to follow
> directions and not do that,
In a message dated: Fri, 14 Jul 2000 18:45:09 EDT
Derek Martin said:
>But, last I'd been paying attention, heartbeat does allow heartbeat over
>serial and ethernet simultaneously, and Alan (Robertson) was thinking
>about adding other methods. It's true that shared SCSI is not supported
>by hear
On Sun, 16 Jul 2000, Paul Lussier wrote:
>
> In a message dated: Fri, 14 Jul 2000 18:45:09 EDT
> Derek Martin said:
>
> >But, last I'd been paying attention, heartbeat does allow heartbeat over
> >serial and ethernet simultaneously, and Alan (Robertson) was thinking
> >about adding other method
On Mon, 17 Jul 2000, Derek Martin wrote:
> What makes you think this? Heartbeat specifically states that heartbeat
> ethernets should be *dedicated* (as does our documentation, I believe)
> which should prevent that scenario, so if you failed miserably to follow
> directions and not do that, yo
> In a message dated: Fri, 14 Jul 2000 18:45:09 EDT
> Derek Martin said:
>
> >But, last I'd been paying attention, heartbeat does allow heartbeat over
> >serial and ethernet simultaneously, and Alan (Robertson) was thinking
> >about adding other methods. It's true that shared SCSI is not suppo
On Fri, 14 Jul 2000 [EMAIL PROTECTED] wrote:
> Are you sure? The Heartbeat documentation show configurations over
> serial as well as ethernet. I was thinking of a senario where I install
> a fourth network card in the
> systems and link them with a crossover cable, and link them with a
> serial
On Fri, 14 Jul 2000, Paul Lussier wrote:
> Yeah, the Kimberlite stuff is far more robust.
>
> Heartbeat pretty much depends upon ethernet pinging, which, if you have an I/O
> problem and the primary system doesn't respind to the passive, the passive
> may try to take over, even though the prima
In a message dated: Fri, 14 Jul 2000 17:20:05 EDT
[EMAIL PROTECTED] said:
>Are you sure? The Heartbeat documentation show configurations over
>serial as well as ethernet. I was thinking of a senario where I install
>a fourth network card in the systems and link them with a crossover cable,
>and
>Paul Lussier wrote:
>
> In a message dated: Fri, 14 Jul 2000 16:22:24 EDT
> [EMAIL PROTECTED] said:
>
> >I have been looking at the Heartbeat documentation...and it seems to be
> >able to do what I need, which is provide a means of setting up a
> >redundant firewall that is capable of failover.
In a message dated: Wed, 12 Jul 2000 17:28:00 EDT
[EMAIL PROTECTED] said:
>HmmI guess I should be more specific. I have a firewall that runs
>with IPChains here in our office. If this server should go down I need
>to have a backup server ready to go in place. For the interim I am going
>to s
In a message dated: Fri, 14 Jul 2000 16:22:24 EDT
[EMAIL PROTECTED] said:
>I have been looking at the Heartbeat documentation...and it seems to be
>able to do what I need, which is provide a means of setting up a
>redundant firewall that is capable of failover. What do you like/not
>like about t
I have been looking at the Heartbeat documentation...and it seems to be
able to do what I need, which is provide a means of setting up a
redundant firewall that is capable of failover. What do you like/not
like about the heartbeat package? Is there another package that is
better that performs the
On Fri, 14 Jul 2000, Paul Lussier wrote:
>
> In a message dated: Thu, 13 Jul 2000 20:40:50 EDT
> Derek Martin said:
>
> >But you can use heartbeat, which is part of the Linux-HA project.
>
> yeah, but heartbeat sucks :)
It's not THAT bad...
--
Derek Martin
System Administrator
Mission Criti
In a message dated: Thu, 13 Jul 2000 20:40:50 EDT
Derek Martin said:
>But you can use heartbeat, which is part of the Linux-HA project.
yeah, but heartbeat sucks :)
--
Seeya,
Paul
"I always explain our company via interpretive dance.
I meet lots of interesting people
Today, Paul Lussier gleaned this insight:
> >Yea, that's what I was trying to describe as possible in the paragraph
> >below. I just had a hard enough time doing the 1st picture. The only
> >issue would be if you're doing any kind of logging on the firewall,
> >although I suppose (I haven't set
In a message dated: Thu, 13 Jul 2000 12:46:53 EDT
Jeffry Smith said:
>Yea, that's what I was trying to describe as possible in the paragraph
>below. I just had a hard enough time doing the 1st picture. The only
>issue would be if you're doing any kind of logging on the firewall,
>although I su
On Thu, 13 Jul 2000, Paul Lussier wrote:
> This is the way things are usually done with LVS, though I don't see why you
> couldn't do:
>
> I
> --
> | R |
> --
>
In a message dated: Wed, 12 Jul 2000 23:07:17 EDT
Jeffry Smith said:
>LVS was developed by Wensong Zhang , homed at
>www.linuxvirtualserver.org, and is the basis of Ultramonkey and
>Piranha. It's designed for doing redirection of web requests (let's
>see how good my text drawing is):
>
>
In a message dated: Wed, 12 Jul 2000 21:58:20 EDT
"Chad R. Henry" said:
>I was going to mention using a Local Director earlier, but hesitated
>because of the cost. Retail for a Local Director is ~$25,000!
You could use LVS do this too, either via cobbling the various parts together
yourself,
In a message dated: Wed, 12 Jul 2000 14:36:29 EDT
[EMAIL PROTECTED] said:
>I am looking for information on setting up a IPchains Firewall system
>with redundant servers, and failover capability. I have been looking,
>and have found some information on commercial products that provide
>these capa
"Kenneth E. Lussier" wrote:
>
> What separates web farms, and most other internet services, from
> firewalls is that most internet servers don't really care what
> there IP address is, and neither does a client of that service.
> With a firewall, IP addresses are extremely important. Sure, you
>
On 12 Jul 2000, at 21:19, Kenneth E. Lussier wrote:
> What separates web farms, and most other internet services, from
> firewalls is that most internet servers don't really care what
> there IP address is, and neither does a client of that service.
> With a firewall, IP addresses are extremely i
What separates web farms, and most other internet services, from
firewalls is that most internet servers don't really care what
there IP address is, and neither does a client of that service.
With a firewall, IP addresses are extremely important. Sure, you
can write an IPChains script using domain
I'm not sure what you're looking for, but this may be it:
http://ultramonkey.sourceforge.net
...Ultra Monkey is a project to build scalable server solution using
Open Source components on the Linux Operating System. Ultra Monkey has
grown from a technology demonstration shown at Linux Wo
Josh,
If I am understanding your needs correctly, you want to have one
firewall, but if it should hang, you want anotherone to take it's
place automagically, and kill the hung system so that it doesn't
come back unexpectedly and hose both of them. If this is correct,
then, at the risk of sounding
HmmI guess I should be more specific. I have a firewall that runs
with IPChains here in our office. If this server should go down I need
to have a backup server ready to go in place. For the interim I am going
to setup another identical system, and just copy the ruleset over to the
firewall pe
[EMAIL PROTECTED] wrote:
>
> I am looking for information on setting up a IPchains Firewall system
> with redundant servers, and failover capability. I have been looking,
> and have found some information on commercial products that provide
> these capabilities, but I wanted to know if anyone el
I am looking for information on setting up a IPchains Firewall system
with redundant servers, and failover capability. I have been looking,
and have found some information on commercial products that provide
these capabilities, but I wanted to know if anyone else on the list
knows of any projects,
34 matches
Mail list logo