On 5/9/2018 11:55 PM, Mark Jonsen wrote:
> Hello shorewall users,
>
> I'm currently trying to set up a redundant firewall with shorewall and
> keepalived.
>
> I have to use the providers file because I have multiple public IP
> addresses and for every IP a different gateway and interface, so the
> traffic must be routed back to the same interface (track option in
> providers), which worked fine in the past with my standalone shorewall.
>
> The problem at this point is that shorewall does not start or stop
> when keepalived is in Backup state (public IPs not bound; in
> /etc/network/interfaces the public IP interfaces are defined as "inet
> manual") with this error message:
> ERROR: Can't determine the IP address of eth3
>
> I've tried a workaround which restarts shorewall when keepalived
> notifies the MASTER state, but this also didn't work as expected
> because when the keepalived notify script runs the IP is not completely
> bound, which results in the same error.
>
> Does anyone have an idea how to fix that? Is that at all the best
> practice for my case?
>

Some hints:
- The 'optional' option
  (http://shorewall.org/manpages/shorewall-interfaces.html)
- The Shorewall commands: enable/disable/reenable:
  $ shorewall {enable|disable|reenable} <interface>

-Matt

-- 
Matt Darfeuille
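
One way to combine the two hints above in a keepalived notify script, as an added example that is not part of the original thread. It assumes eth3 (the interface from the error message) is marked 'optional' so Shorewall starts without its address; the 10-second wait budget and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keepalived notify handler.
# Assumptions: interface eth3, a 10 s wait budget, and eth3 carrying the
# 'optional' option in /etc/shorewall/interfaces.

IFACE="${IFACE:-eth3}"
WAIT_SECS="${WAIT_SECS:-10}"

# Return 0 once IFACE has at least one IPv4 address, 1 on timeout.
# This covers the race where the notify script runs before the VIP is bound.
wait_for_addr() {
    tries=0
    while [ "$tries" -lt "$WAIT_SECS" ]; do
        if ip -4 -o addr show dev "$IFACE" | grep -q 'inet '; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 1
    done
    return 1
}

# Map a keepalived state to the matching Shorewall interface command.
handle_state() {
    case "$1" in
        MASTER)
            if wait_for_addr; then
                shorewall enable "$IFACE"
            else
                echo "no IPv4 address on $IFACE after ${WAIT_SECS}s" >&2
                return 1
            fi
            ;;
        BACKUP|FAULT)
            shorewall disable "$IFACE"
            ;;
        *)
            echo "unknown keepalived state: $1" >&2
            return 2
            ;;
    esac
}

# keepalived calls notify scripts as: <script> TYPE NAME STATE [PRIORITY]
if [ "$#" -ge 3 ]; then
    handle_state "$3"
fi
```

If the address never appears, the script exits non-zero and leaves the interface disabled rather than enabling rules for an unbound address.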