after the upgrade to debian stretch i had to add the following firewall entries: for the FTP servers: for the nat-routers between FTP servers and FTP clients: for the FTP clients: related articles: https://home.regit.org/netfilter-en/secure-use-of-helpers/
i use this setup for a few lxc servers. bonding provides me layer2 failover based on arp probes [ so it’ll work even if the switch link stays up yet forwarding fails; the mechanism will kick in ]. this is a continuation of an earlier post, this time under debian stretch.
one day an openvpn that used to carry traffic for the last 7 years started to misbehave. openvpn’s own built-in watchdog was restarting it every few minutes. one of the tunnel’s endpoints – a – is behind a NAT that we don’t control, the other – b – is a host with a public ip address.
the idea: i’d like to run kvm/lxc on debian, have guests bridged to a couple of vlans and handle the network failover on the host level. network failure should be detected using arp probes, not just the link [ mii ] status. after a few attempts i got it working in the test environment.
a few days ago, after 19 weeks of waiting, i finally received my raspberry pi.
this post inspired me to check how much performance we can gain by just upgrading to a more recent kernel on the internet-facing proxy servers at work.
goal: layer-2 failover without any special features on the switch level. after a recent hang of one of the switches i’d like to improve reliability of connectivity within a server rack. i already have all servers connected to two different switches… now it’s time for automated failover.
some of my old notes i prepared back in 2005 for a network lab i supervised [ in polish… ]