iptables conntrack synchronization

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I all.

We have two firewall configured in failover active/standby with
keepalived, all works well, but when backup fw switch to master role,
all connections go down.

Is there any way to perform ip_conntrack sync between the two firewall?

I've read something about ctnetlink, but I can't find nothing useble
for my needs...

We are using two debian-sarge machines.


Re: iptables conntrack synchronization

On Thu, 06 Apr 2006 05:34:57 -0700, kayhansen wrote:

Quoted text here. Click to load it

Great that it works. But i'd have a look at UCARP anyways:

Quoted text here. Click to load it

Have a read through the README file here:
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/netfilter-ha /


Site Timeline