Dear Mailinglist,
We are trying to use spread/wackamole for one of our Linux firewalls. We managed to make both addresses (internal and external of the firewall) change even in case of only one interface being down, but we still have a problem finding the right preferred parameter.
We have a class B network on the internal interface and a class C network on the outside interface. Our conf file looks like this:
Spread = 4803
SpreadRetryInterval = 5s
Group = wack1
Control = /var/run/wack.it
# The preferred network card
Prefer {
eth0:172.16.253.49/16
eth1:193.17.4.200/24
}
# ALL virtual interfaces
VirtualInterfaces {
eth0:172.16.253.51/16
eth1:193.17.4.202/24
}
Arp-Cache = 90s
# These are notified on failure
Notify {
# Let's notify our router:
eth0:172.16.1.1/32
eth0:172.16.253.50/32
eth0:172.16.253.44/32
eth0:195.145.130.24/32
eth1:193.17.4.201/32
Arp-cache
}
When we start the system we receive hundreds of error messages "Only 254 prefered allowed" and no preference works at all. We need to define the main firewall as the preferred machine to use, because the CPU power on this box allows us to run an IDS (snort) in addition to the firewalling activity. When using the backup hardware we can't run the IDS, but all other functions will continue to work and this is more than acceptable for us.
What is the right syntax for this preferred option, or are there other ways to configure this preferred server scenario?
Thanks for your help.
Mit freundlichen Grüßen / Best regards
Jens Neumann
ZEDA GmbH & Co. KG, Dept. ZDT
Mühlenweg 17-37
D - 42270 Wuppertal
Email: jens.neumann@zeda.de