guillaume.delacour at adelux
May 15, 2012, 1:54 AM
Post #2 of 2
(246 views)
Permalink
|
|
Re: Changing ip source address on firewall clusters
[In reply to]
|
|
Reply to myself: the ocf:heartbeat:Route agent have a source and a table argument, that we exactly need, sorry for the noise.
----- Mail original -----
De: "Guillaume Delacour" <guillaume.delacour [at] adelux>
À: pacemaker [at] oss
Envoyé: Mardi 15 Mai 2012 10:19:09
Objet: [Pacemaker] Changing ip source address on firewall clusters
Hello,
We have a cluster of two firewalls that have multiple interfaces and zones routed/filtered.
Everything works as expected but we want to change the ip source address and the "LAN" interface to use the vip of the cluster (for simplify other firewall levels rules).
The ocf:heartbeat:IPsrcaddr look a good candidate for that, but we manage a routing table (called ha) and the agent doesn't allow to choose the table to change the source ip of a route (currently the table changed is main).
So we have two alternatives i think:
* "Fork" the IPsrcaddr agent to support passing a routing table as argument
* Create an lsb initscript to change the source ip address in our custom routing table
Or do you have any other suggestion ?
Thanks in advance.
--
Guillaume Delacour
_______________________________________________
Pacemaker mailing list: Pacemaker [at] oss
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
--
Société Adelux - http://www.adelux.fr/
Guillaume Delacour
tél. 01 40 86 45 83
_______________________________________________
Pacemaker mailing list: Pacemaker [at] oss
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
|
