iptables conntrack synchronization - Security

  1. iptables conntrack synchronization

    Hi all.

    We have two firewalls configured in failover active/standby with
    keepalived, all works well, but when the backup fw switches to the master
    role, all connections go down.

    Is there any way to perform ip_conntrack sync between the two firewalls?

    I've read something about ctnetlink, but I can't find anything usable
    for my needs...

    We are using two debian-sarge machines.

    Thanks
    Daniele


  2. Re: iptables conntrack synchronization

    On Thu, 06 Apr 2006 05:34:57 -0700, kayhansen wrote:

    > We have two firewalls configured in failover active/standby with
    > keepalived, all works well, but when the backup fw switches to the master
    > role, all connections go down.

    Great that it works. But I'd have a look at UCARP anyway:
    http://www.ucarp.org/project/ucarp

    > Is there any way to perform ip_conntrack sync between the two firewalls?


    Have a read through the README file here:
    http://svn.netfilter.org/cgi-bin/vie.../netfilter-ha/

    --
    -Menno.

