I am trying keepalived (just using the VRRP features) on the firewall. With
the normal configuration, I could ping
from the internal machine to the external network. The problem is that when I use the virtual
IP address (assigned by keepalived), I couldn't ping the external
network. Maybe iptables can't identify the virtual IP. Is there anything
I can do to solve this?
Here is my setup.
In the normal configuration, here is my architecture:
pc1 ------------eth0 [firewall ] eth0---------------pc2
> I use the eth0 IP as the gateway for pc1 and eth0 as a gateway for pc2. I can
> just ping as far as eth0 from pc1 until I do this in my iptables:
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
Note that EXTIF=eth0.
Then I can ping pc2 from pc1.
But when I change both gateways to the virtual IPs of eth0 and eth1, I can't
ping both machines. So I suspect iptables does not recognise the virtual IP.
Extol Corporation (M) Sdn Bhd