[Pacemaker] Cluster forward problem

[Michael Schwartzkopff]

On Thursday 14 October 2010 22:20:08 Luana C. Rocha wrote:
>   Hi,
> 
> I've configured two ubuntu 10.04 x64 Kernel 2.6.32-21 with pacemaker and
> heartbeat as my network gateway, both active sharing the same ip address.
> If I point the client machines gateway to the real ip of one the
> machines in the cluster, everything works perfectly (i've tested using
> the real ip of both machines in the cluster).
> If I point the client machines gateway to the virtual Ip shared between
> the servers in the cluster, i can't access nothing, even when all
> iptables rules are allowing the traffic.
> I can use the virtual ip to connect to resources available in the
> cluster machines like ssh (of course in this case i can't predict whose
> machine will answer, but it works). Seems like the problem is in the
> packet forward.
> With tcpdump  i can see the package arriving in the local interface but
> i can't see the package in the external interface.
> The parameter net.ipv4.ip_forward is set to 1 in the /etc/sysctl.conf.
> I've transcript my configuration bellow. Can someone point me what is
> wrong?
(...)

Hi,

as far as I understood your post you want to create a HA firewall sharing the 
load between both nodes. Am I right?

The problem is that the CLUSTERIP targer is only valid for the INPUT chain, 
not for the FORWARD chain. So it is not possible to set up a load sharing 
firewall with both nodes active.

But a HA firewall works perfectly in aa active/passive setup. One node is 
capable firewalling 1 GBit/s or more traffic.

Greetings,

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20101014/7ca2989a/attachment-0004.sig>