* Is it possible to sync ip_conntrack between 2 hosts?
@ 2003-05-02 22:01 Zack Lawson
2003-05-02 22:32 ` Cedric Blancher
2003-05-03 3:41 ` Julian Gomez
0 siblings, 2 replies; 3+ messages in thread
From: Zack Lawson @ 2003-05-02 22:01 UTC (permalink / raw)
To: netfilter
I am trying to set up a failover firewall using heartbeat. Everything
seems to work just fine except for the fact that the state of existing
connections is lost when the running firewall is stopped.
Is there any way to share the info in /proc/net/ip_conntrack between
these 2 systems?
If not, does anyone else have any ideas or solutions to this problem?
I know that Cisco firewalls have this capability. I would be surprised
if netfilter couldn't accomplish this as well.
Thank you for your help
--
Zack Lawson <zack@etecom.com>
Systems Administrator
Einstein Industries Inc.
* Re: Is it possible to sync ip_conntrack between 2 hosts?
From: Cedric Blancher @ 2003-05-02 22:32 UTC (permalink / raw)
To: Zack Lawson; +Cc: netfilter
On Sat 03/05/2003 at 00:01, Zack Lawson wrote:
> I am trying to set up a failover firewall using heartbeat. Everything
> seems to work just fine except for the fact that the state of existing
> connections is lost when the running firewall is stopped.
> Is there any way to share the info in /proc/net/ip_conntrack between
> these 2 systems?
I am not aware of a free working solution based on Netfilter that would
provide firewall states failover. There has been discussion (see the low
traffic netfilter-failover mailing list) about this.
> If not, does anyone else have any ideas or solutions to this problem?
> I know that Cisco firewalls have this capability. I would be surprised
> if netfilter couldn't accomplish this as well.
It can't now, but it is planned. It will use nf-netlink and ct-netlink
you can find in POM.
--
Cédric Blancher <blancher@cartel-securite.fr>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
* Re: Is it possible to sync ip_conntrack between 2 hosts?
From: Julian Gomez @ 2003-05-03 3:41 UTC (permalink / raw)
To: netfilter
On Fri, May 02, 2003 at 03:01:35PM -0700, Zack Lawson spoke thusly:
>I am trying to set up a failover firewall using heartbeat. Everything
>seems to work just fine except for the fact that the state of existing
>connections is lost when the running firewall is stopped.
(snip)
It's planned for the iptables2 release. Check the archives, Harald has
mentioned it before.