On Fri, 18 Sep 2020 09:03:56 +0200
"Jord Wegge (Aqua Bio)" <jwe...@aquabio.be> wrote:

> Hello all,
> I’ve noticed the archived website is quite out of date...
> 
> As for the pacemaker-option, I think I understand your setup, but
> could you please share some information?  
> 
> F.I. do you also use VIP's for your pub IP’s? How do you keep
> configuration between both FW in sync? Shared storage? Corosync?

We have one static ip per firewall on all interfaces. So outside
firewall we have three ip addresses. Yes, you can also do this setup
with single public ip but that is very tricky because that means other
firewall doesn't have internet connectivity. Corosync is not moving any
files, corosync is cluster communication layer used by pacemaker. We
use our own tool to keep configurations in sync (it rsyncs configs
between servers). Shared storage is too error-prone.

What our toolset does is reload shorewall, rsync configs to other
server, reload shorewall on other server, making sure that both
servers run identical configuration.

> 
> TIA
> 
> Kind regards
> Jord Wegge
> Aquaculture Engineer
> Joosen-Luyckx Aqua Bio
> www.aquabio.be <http://www.aquabio.be/>
> Oude Kaai 26
> 2300 Turnhout
> Belgium
> 
> Direct Line: +32 14 47 27 16
> Mobile: +32 495 50 38 95
> 
> Tel: +32 14 47 27 10
> Fax: +32 14 42 09 24
> 
> Please consider the environment before printing this e-mail
> 
> 
> > On 17 Sep 2020, at 20:59, Tuomo Soini <t...@foobar.fi> wrote:
> > 
> > On Thu, 17 Sep 2020 19:42:51 +0200
> > "Jord Wegge (Aqua Bio)" <jwe...@aquabio.be> wrote:
> >   
> >> Hello people,
> >> 
> >> I'm looking for a way to keep 2 firewalls (shorewall obviously) in
> >> failover.
> >> 
> >> There is a mention of this in the FAQ, but the link supplied is
> >> not valid any more…
> >> 
> >> (FAQ 65) How do I accomplish failover with Shorewall?
> >> 
> >> Answer: This article by Paul Gear
> >> <http://linuxman.wikispaces.com/Clustering+Shorewall> should help
> >> you get started.  
> > 
> > That article is unfortunately completely out of date already.
> > 
> > I've been running shorewall in active-backup cluster setup
> > successfully by using pacemaker for clustering. All vlans on both
> > firewalls are active all the time, both vlans have native address
> > on all vlans and one virtual address. Both firewalls have shorewall
> > active all the time.
> > 
> > In case of failover cluster software moves virtual ip from
> > firewall1 to firewall2 and network continues to work in some
> > seconds. Nothing else changes but network flow moves from firewall
> > to another.
> > 
> > -- 
> > Tuomo Soini <t...@foobar.fi>
> > Foobar Linux services
> > +358 40 5240030
> > Foobar Oy <https://foobar.fi/>
> > 
> > 
> > _______________________________________________
> > Shorewall-users mailing list
> > Shorewall-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/shorewall-users  
> 



-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
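
The reload, rsync, reload sequence described in the reply above, sketched as an added example; it is not part of the original message and is not the poster's tool. The peer name, root SSH access with keys, and the `--apply` switch are assumptions, and it presumes both firewalls can share an identical `/etc/shorewall`.

```shell
#!/usr/bin/env bash
# Added example: keep two Shorewall firewalls on identical configuration.
# Assumed: PEER hostname, key-based root ssh, same config valid on both nodes.
set -u

PEER="${PEER:-fw2.example.internal}"    # hypothetical peer name
CONF_DIR="${CONF_DIR:-/etc/shorewall}"
DRY_RUN="${DRY_RUN:-1}"                 # 1 = only record the steps, 0 = execute
PLAN=""                                 # steps attempted, in order

# Record one step and, unless in dry-run mode, execute it.
step() {
    PLAN="${PLAN}$*;"
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: $*"
        return 0
    fi
    "$@"
}

sync_firewalls() {
    PLAN=""
    # 1. Stop early if the local configuration does not compile.
    step shorewall check || return 1
    # 2. Reload locally; a config that fails here is never pushed to the peer.
    step shorewall reload || return 2
    # 3. Mirror the directory; --delete removes files that no longer exist here.
    step rsync -a --delete "$CONF_DIR/" "root@$PEER:$CONF_DIR/" || return 3
    # 4. Validate on the peer before reloading there.
    step ssh "root@$PEER" "shorewall check && shorewall reload" || return 4
}

# Dry run by default; pass --apply to execute the steps for real.
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi
sync_firewalls
```

A non-zero return code identifies the step that failed, so a failure at step 3 or 4 means the two nodes may differ and the run should be repeated once the peer is reachable.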

