
I'm following this tutorial to set up keepalived: https://www.redhat.com/sysadmin/keepalived-basics

It requires two hosts to share one external IP, where the second host is the failover.

I'm unsure how to go about this, and I have been searching for a good while, without success. I've come up with this idea in /etc/shorewall/nat, but I'm sure it'll mess things up:

# proxy1
1.2.3.4    eth0    192.168.0.10    No    No
# proxy2
1.2.3.4    eth0    192.168.0.11    No    No

And then have these rules:

# proxy1
Web/DNAT    net    dmz:192.168.0.10    - - - 1.2.3.4
# proxy2
Web/DNAT    net    dmz:192.168.0.11    - - - 1.2.3.4

I have done no testing as we have no testing environment for firewall configurations, so changes are generally risky. shorewall check does not show any errors with this.

Will this work or completely mess up web traffic? If it doesn't work, how should I otherwise solve this problem?

Any help will be greatly appreciated.

  • What is the purpose of this Shorewall configuration, then? It doesn't seem at all related to the tutorial you linked to. – Michael Hampton Aug 14 '20 at 14:58
  • @MichaelHampton The tutorial is there for context, I should have been clear; sorry about that. The question is simply, how do I share one external IP between two hosts? We usually just masquerade one external IP to a single internal IP, which is done by shorewall. This time we need to have two internal IPs share one external IP, where one of the internals is a failover. – OH MY DEAR PUFFINS Aug 14 '20 at 15:14
  • You NAT to _one_ internal IP, the one that is shared between the two hosts. – Michael Hampton Aug 14 '20 at 15:15
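
A pre-deployment check for the situation in the question, as an added example that is not part of the original thread: it parses the nat and rules entries quoted above (embedded here as constructed sample input) and reports any external address that is sent to more than one internal address, which is the condition the last comment says to avoid. The function names are illustrative, and the column positions assume the standard Shorewall layouts (nat: EXTERNAL INTERFACE INTERNAL; rules: ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST).

```python
from collections import defaultdict

# Constructed sample input: the two snippets from the question.
NAT_FILE = """\
# proxy1
1.2.3.4    eth0    192.168.0.10    No    No
# proxy2
1.2.3.4    eth0    192.168.0.11    No    No
"""
RULES_FILE = """\
# proxy1
Web/DNAT    net    dmz:192.168.0.10    - - - 1.2.3.4
# proxy2
Web/DNAT    net    dmz:192.168.0.11    - - - 1.2.3.4
"""

def _entries(text):
    """Yield the whitespace-split columns of each non-comment, non-blank line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def nat_targets(text):
    """Map EXTERNAL (column 1) to the set of INTERNAL addresses (column 3)."""
    targets = defaultdict(set)
    for cols in _entries(text):
        if len(cols) >= 3:
            targets[cols[0]].add(cols[2])
    return targets

def dnat_targets(text):
    """Map ORIGDEST (column 7) to the set of DNAT destinations (column 3)."""
    targets = defaultdict(set)
    for cols in _entries(text):
        if "DNAT" in cols[0] and len(cols) >= 7 and cols[6] != "-":
            dest = cols[2].split(":", 1)[-1]  # drop the zone prefix, e.g. "dmz:"
            targets[cols[6]].add(dest)
    return targets

def conflicts(targets):
    """Keep only external addresses that map to more than one internal host."""
    return {ext: sorted(ints) for ext, ints in targets.items() if len(ints) > 1}

if __name__ == "__main__":
    checks = {"nat": nat_targets(NAT_FILE), "rules": dnat_targets(RULES_FILE)}
    for name, targets in checks.items():
        for ext, ints in conflicts(targets).items():
            print(f"{name}: {ext} maps to several internal hosts: {', '.join(ints)}")
```

With a single shared internal address in both files, `conflicts()` returns an empty dict for each.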
