Shorewall within heartbeat cluster

rootkid

Jul 2, 2010
Hi guys,

A friend's server and my Proxmox VE are located in the same datacenter. I offered him a VM on my host for standby, so he set up a DRBD device between his host and the VM (works fine) and a cluster IP that's configured to the active node using heartbeat.

How must I configure shorewall to make it handle the cluster IP only if the VM is the active node?
AFAIK I must configure proxyarp for the VM's IP and the cluster IP. But if his own host is the active one, shorewall would answer ARP requests to the cluster IP as well as his own host.
Is there another way this can be solved?

Any help is welcome :)

BR,
Heiner
 
My current network setup:
- eth0 & eth1 forming bonding device "bond0"
- virtual bridge "vmbr0" for my VMs (those which don't need to be accessible from "world")
- shorewall firewall (on VE hardware) routing traffic between "world" and proxmox VE

See my /etc/network/interfaces:
Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet static
        slaves eth0 eth1
        bond_miimon 100
        bond_mode active-backup
        bond_downdelay 200
        bond_updelay 200
        address  195.71.90.2
        netmask  255.255.255.128
        gateway  195.71.90.1

auto vmbr0
iface vmbr0 inet static
        address  10.0.0.1
        netmask  255.0.0.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

Could I create a second vmbr between "world" and the shorewall firewall and add the friend's VM to that bridge? This should solve the ARP problem, right?
How must I set up bond0 and the Proxmox VE's own IP?
Would this work?
Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

auto bond0
iface bond0 inet manual
        slaves eth0 eth1
        bond_miimon 100
        bond_mode active-backup
        bond_downdelay 200
        bond_updelay 200

auto vmbr0
iface vmbr0 inet static
        address  10.0.0.1
        netmask  255.0.0.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  195.71.90.2
        netmask  255.255.255.128
        gateway  195.71.90.1
        bridge_ports bond0
        bridge_stp off
        bridge_fd 0

BR,
Heiner
 