[Pacemaker] Changing ip source address on firewall clusters

Guillaume Delacour guillaume.delacour at adelux.fr
Tue May 15 04:19:09 EDT 2012


Hello,

We have a cluster of two firewalls that have multiple interfaces and zones routed/filtered.
Everything works as expected, but we want to change the IP source address and the "LAN" interface to use the VIP of the cluster (to simplify the rules of other firewall levels).
The ocf:heartbeat:IPsrcaddr agent looks like a good candidate for that, but we manage a routing table (called ha) and the agent doesn't allow choosing the table in which to change the source IP of a route (currently the table changed is main).

So we have two alternatives, I think:
* "Fork" the IPsrcaddr agent to support passing a routing table as an argument
* Create an LSB init script to change the source IP address in our custom routing table

Or do you have any other suggestion?
Thanks in advance.

-- 
Guillaume Delacour
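
An added example, not part of the original message and not code from the IPsrcaddr agent: the core of the second alternative, a script that rewrites the default route of a named table with `ip route replace ... src <VIP> table <name>`. The function names, the VIP 192.0.2.10 and the sample route lines used to exercise it are assumptions made for illustration; only the table name `ha` comes from the message.

```shell
#!/bin/sh
# Added example: rewrite the default route of a custom routing table so that
# it carries (start) or drops (stop) a preferred source address.
TABLE="${TABLE:-ha}"        # table name taken from the post
VIP="${VIP:-192.0.2.10}"    # constructed address, stands in for the cluster VIP

# Accept only a dotted-quad IPv4 address before it reaches the ip command.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Turn one line of `ip route show table <table>` into arguments for
# `ip route replace`: any existing "src <addr>" pair is dropped, then the
# new source (if $2 is non-empty) and the table are appended.
build_replace_args() {      # $1 = route line, $2 = new source or "", $3 = table
    out=""; skip=0
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        if [ "$word" = "src" ]; then skip=1; continue; fi
        out="$out $word"
    done
    [ -n "$out" ] || return 1      # no route found: nothing to rewrite
    if [ -n "$2" ]; then
        valid_ipv4 "$2" || return 1
        out="$out src $2"
    fi
    echo "route replace$out table $3"
}

apply_source() {            # $1 = source address, or "" to remove it
    route=$(ip route show table "$TABLE" | grep '^default ' | head -n 1)
    args=$(build_replace_args "$route" "$1" "$TABLE") || return 1
    ip $args                # unquoted on purpose: args is a word list
}

case "${1:-}" in
    start) apply_source "$VIP" ;;
    stop)  apply_source "" ;;
esac
```

Running it with `start` on the node that holds the VIP and `stop` on the node that releases it keeps the rest of the route (gateway, device, metric) unchanged, so the only difference between the two states is the `src` attribute in the chosen table.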