Hi,

In most cluster tutorials, for simplicity, iptables is turned off. Funny thing is that iptables is what I want to configure in an HA cluster (as redundant firewalls).

While reading the documentation I did not fully understand how the IpAddr2 resource is configured. Let me explain: I have 2 cluster nodes with the following network config:

NIC1 - External Internet - 80.80.80.80 (81 for node2)
NIC2 - Internal LAN - 10.0.0.80 (81 for node2)
NIC3 - Heartbeat - 192.168.0.80 (81 for node2)
NIC4 - Storage Net - 172.16.0.80 (81 for node2)

I want 2 addresses to fail over:

80.80.80.1 VIP in External segment
10.0.0.1 VIP in LAN segment

Question #1: When I configure an IpAddr2 resource, how does it work? Especially if I want to use external addresses that are public. The network adapter goes in PROMISCUOUS mode and listens to all traffic, while filtering its IP and VIP? Does it load the routers? What if I need to add another address from a different IP subnet, let's say 180.180.180.180? Since I don't have any adapters configured in this IP subnet, will it work? Can I somehow assign this IpAddr2 to be routed through NIC1 (static routes on both nodes?)

Question #2: The whole clustering thingy works by stopping the service on one node and starting it on the other. In my case, I would not want iptables to be stopped but instead restarted with a "passive" config, like block all traffic from outside (instead of dropping the firewall entirely). How would I go about it? Custom scripts?

Is there any extensive documentation on cluster networking somewhere? How do the VIPs technically work?

Best regards,
Karlis

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org