All of lore.kernel.org
 help / color / mirror / Atom feed
* Gateway cluster using iptables and CLUSTERIP
@ 2006-03-30 16:31 Robert LeBlanc
  2006-03-31  9:54 ` KOVACS Krisztian
  0 siblings, 1 reply; 3+ messages in thread
From: Robert LeBlanc @ 2006-03-30 16:31 UTC (permalink / raw)
  To: netfilter

I am basically familiar with iptables and can do some of the usual
stuff, block and drop packets, NAT, etc. I'm working on a project that
would provide an active-active gateway cluster using iptables and
heartbeat. I've got heartbeat configured to failover and failback the
CLUSTERIP, but CLUSTERIP address will not respond to network activity
and the host interface reports that the destination is not known.
Running tcpdump on the interface when doing a ping show arp traffic
requesting who has the address, but there is never a response. I did get
this to work once before, but it will not work again.

I've entered:

iptables -A INPUT -I eth1 -d 10.0.0.1 -j CLUSTERIP -new -hashmode
sourceip -clustermac 01:83:91:A7:0D:33 -total-nodes 1 -local-nodes 1

I have entered only one node in the cluster so that I would not have to
bring up both nodes during the testing or remember to add the other node
to /proc/net/ipt_CLUSTERIP/10.0.0.1.

I am running Debian stock kernel 2.6.15-1-686 and iptables v1.3.3. The
documentation that I have found has been very sparse and no one seemed
to have an answer for the lack of arp response. Once I get this problem
figured out, I will need help with getting this address to work as the
gateway address for the network. I'm not sure how to hook that address
in the SNAT chain (is that even what it is called?).

Thanks,
Robert LeBlanc
Brigham Young University


^ permalink raw reply	[flat|nested] 3+ messages in thread
* RE: Gateway cluster using iptables and CLUSTERIP
@ 2006-03-31 14:20 Robert LeBlanc
  0 siblings, 0 replies; 3+ messages in thread
From: Robert LeBlanc @ 2006-03-31 14:20 UTC (permalink / raw)
  To: netfilter

Unfortunately setting nodes to 2 and having the node respond to both
dose not work either. I'm in the process of putting together a 2.6.16.1
kernel and getting the latest iptables compiled to see if it is a bug
that was fixed.

Robert LeBlanc
Brigham Young University

> -----Original Message-----
> From: KOVACS Krisztian [mailto:hidden@balabit.hu]
> Sent: Friday, March 31, 2006 2:55 AM
> To: netfilter@lists.netfilter.org
> Cc: Robert LeBlanc
> Subject: Re: Gateway cluster using iptables and CLUSTERIP
> 
> 
>   Hi,
> 
> On Thursday 30 March 2006 18.31, Robert LeBlanc wrote:
> > iptables -A INPUT -I eth1 -d 10.0.0.1 -j CLUSTERIP -new -hashmode
> > sourceip -clustermac 01:83:91:A7:0D:33 -total-nodes 1 -local-nodes 1
> >
> > I have entered only one node in the cluster so that I would not have
to
> > bring up both nodes during the testing or remember to add the other
node
> > to /proc/net/ipt_CLUSTERIP/10.0.0.1.
> 
>   Strange. Please note that apparently there are very few CLUSTERIP
users
> out there, so this might also be a bug. Does setting total-nodes to 2
> help?
> 
> --
>  Regards,
>   Krisztian Kovacs



^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-03-31 14:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-03-30 16:31 Gateway cluster using iptables and CLUSTERIP Robert LeBlanc
2006-03-31  9:54 ` KOVACS Krisztian
  -- strict thread matches above, loose matches on Subject: below --
2006-03-31 14:20 Robert LeBlanc

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.