Firewall Routing Setup

My goal here is to have two firewalls, one active, one passive. This involves a few things: the basic layout of the ethernet devices (via udev rules), Heartbeat, TCP tuning, and (maybe) some basic routing rules.

---++++ Ethernet Device + Udev setup

<verbatim>
[root@fw01 ~]# cat /etc/udev/rules.d/60-net.rules
#ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8c", NAME="eth0"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8d", NAME="eth1"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:4f:4d:78", NAME="eth2"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:4f:4d:79", NAME="eth3"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:0e:1e:03:06:72", NAME="eth4"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:0e:1e:03:06:73", NAME="eth5"
SUBSYSTEM=="net", RUN+="/etc/sysconfig/network-scripts/net.hotplug"
</verbatim>

<verbatim>
[root@fw02 ha.d]# cat /etc/udev/rules.d/60-net.rules
#ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8a", NAME="eth0"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8b", NAME="eth1"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:34:65:21", NAME="eth2"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:34:65:20", NAME="eth3"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:60:dd:46:c7:58", NAME="eth4"
SUBSYSTEM=="net", RUN+="/etc/sysconfig/network-scripts/net.hotplug"
</verbatim>

With these systems, I am using the following layout:

---++++++ fw01:

   * eth1 - 1Gb heartbeat connection - 10.187.66.78
   * eth2 - 10Gb copper to Force 10 - 148.187.66.78
   * eth4 - 10Gb fiber connection to gateway (outside world) - 148.187.73.4
   * ib0 - infiniband connection to IB network - 148.187.68.3

---++++++ fw02:

   * eth1 - 1Gb heartbeat connection - 10.187.66.79
   * eth2 - 10Gb copper to Force 10 - 148.187.66.79
   * eth4 - 10Gb fiber connection to gateway (outside world) - 148.187.73.5
   * ib0 - infiniband connection to IB network - 148.187.68.4

---++++++ routing IP addresses (the gateway addresses that clients will use, and that are controlled by heartbeat):

   * 148.187.66.2 (64 eth gateway)
   * 148.187.68.2 (64 ib gateway)
   * 148.187.73.3 (gateway to outside world)

---++++ Heartbeat

Here's the basic setup of my heartbeat

---++++ TCP Tuning

---++++ Basic Routing

-- Main.JasonTemple - 2010-12-16
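On a firewall pair, the interface names are what filter and routing rules bind to, so a rules file that pins one MAC twice, reuses a name, or leaves a layout interface unpinned can put the outside-facing policy on the wrong port after a reboot. The following consistency check is an added example, not part of the original page; the function names `parse_rules` and `audit` are hypothetical, the embedded rules are the fw02 listing above, and the required names are the Ethernet interfaces from the layout.

```python
import re

# The fw02 listing from this page, embedded so the check runs offline.
FW02_RULES = '''\
#ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8a", NAME="eth0"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:30:48:cf:31:8b", NAME="eth1"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:34:65:21", NAME="eth2"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:1b:21:34:65:20", NAME="eth3"
ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device", SYSFS{address}=="00:60:dd:46:c7:58", NAME="eth4"
SUBSYSTEM=="net", RUN+="/etc/sysconfig/network-scripts/net.hotplug"
'''

# A rule pins a name when it matches on a MAC address and sets NAME.
RULE = re.compile(r'SYSFS\{address\}=="([0-9A-Fa-f:]{17})".*?NAME="([^"]+)"')

def parse_rules(text):
    """Return [(mac, name)] for every active (uncommented) rule that pins a name."""
    pins = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.search(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins

def audit(text, required):
    """List problems: a MAC or name pinned twice, or a required interface unpinned."""
    pins = parse_rules(text)
    macs = [m for m, _ in pins]
    names = [n for _, n in pins]
    problems = []
    for mac in sorted({m for m in macs if macs.count(m) > 1}):
        problems.append(f"MAC {mac} is matched by more than one rule")
    for name in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"name {name} is assigned to more than one MAC")
    for name in required:
        if name not in names:
            problems.append(f"{name} is used in the layout but not pinned to a MAC")
    return problems

if __name__ == "__main__":
    for p in audit(FW02_RULES, ["eth1", "eth2", "eth4"]) or ["rules are consistent"]:
        print(p)
```

To check a live host, pass the contents of `/etc/udev/rules.d/60-net.rules` to `audit` instead of the embedded listing.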
Topic revision: r3 - 2010-12-17 - JasonTemple