[Pacemaker] Active-Active HA Firewall
Marcel Hauser
marcel_hauser at gmx.ch
Thu Oct 14 17:19:39 UTC 2010
Hi All,
I'm very new to pacemaker... so please forgive me if I'm asking silly
questions :-)
I would like to build an HA Active-Active Firewall based on:
- iptables
- conntrack-tools
- corosync
- pacemaker
I do know about fwbuilder and that it's possible to use fwbuilder in
order to build a cluster configuration. I've also read a PDF dated
Feb 2009 about HA firewalls using heartbeat.
I've read and tried to implement everything by reading the "cluster from
scratch" guide.
Currently I have successfully built a 2-node cluster based on pacemaker
with cloned IPs for the external network card and the internal network
card.
Basically, my questions are now:
- Are there any example configurations/"best practice guides" for an
active-active iptables firewall using the above-mentioned tools? (In
the end I will have about 50 public IPs... and 5 internal networks
using VLAN tags on the internal NIC.)
- Am I on the right track to create cloned IPs for the internal IPs as
well as the external IPs? How about the "network flow" if using two
active firewalls?
- How would you guys detect a firewall failure on any node (pingd?)...
and if a failure occurs... will the CRM automatically unconfigure the
cloned IPs on that node?
I do know that my questions are not directly related to pacemaker... but
I thought I might reach the most users with the same goal on this list.
Any help, hints and/or example scripts or configurations or links to
how-to guides would be very much appreciated!
Marcel