PRIMECLUSTER Global Link Services Configuration and Administration Guide 4.3: Redundant Line Control Function

F.3.5 Unable to communicate using virtual IP addresses after configuring a firewall

Symptom:

When the logical IP address takeover function is used in NIC switching mode and a firewall between the communication target and the local system is configured to allow only virtual IP addresses through, GLS and the communication target cannot communicate using virtual IP addresses.

Corrective action:

When using the logical IP address takeover function in NIC switching mode, set the firewall to enable communications with the physical IP address (which is set by the -e option of the hanetconfig command), or use the physical IP takeover function rather than the logical IP address takeover function.

With the logical IP address takeover function, virtual IP addresses are created as IP addresses assigned to logical interfaces (ethX:Y). When you communicate using the logical interfaces and the remote host is the transmitting side, the packet's destination is the virtual IP address and its source is the IP address of the remote host. When the local host (virtual IP address) is the transmitting side, the packet's destination is the IP address of the remote host and its source is the physical IP address, according to the routing table. Therefore, when you use the logical IP address takeover function, the firewall must be configured so that the physical IP address can pass through it.

Figure F.4 The remote host is the transmitting side.

Figure F.5 The local host is the transmitting side.
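The following added example (not part of the original guide) checks a firewall rule list against the two packet flows described above and reports which ones are blocked. The `Rule` model, the first-match/default-deny evaluation, and all addresses are assumptions constructed for illustration; they do not represent any particular firewall product.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR
    action: str  # "allow" or "deny"

def decide(rules, src, dst):
    """First matching rule wins; anything unmatched is denied (assumed model)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "deny"

def gls_flows(physical, virtual, remote):
    """(src, dst) of the packets the text describes for logical IP takeover."""
    return {
        "remote transmits": (remote, virtual),  # destination is the virtual IP
        "local transmits": (physical, remote),  # source is the physical IP
    }

def blocked_flows(rules, physical, virtual, remote):
    """Names of the flows that the rule list does not allow."""
    flows = gls_flows(physical, virtual, remote)
    return sorted(n for n, (s, d) in flows.items() if decide(rules, s, d) != "allow")

# Constructed sample addresses from the RFC 5737 documentation ranges.
PHYSICAL, VIRTUAL, REMOTE = "192.0.2.10", "192.0.2.100", "198.51.100.20"

# Policy from the symptom: only the virtual IP may pass the firewall.
VIRTUAL_ONLY = [
    Rule("0.0.0.0/0", VIRTUAL + "/32", "allow"),
    Rule(VIRTUAL + "/32", "0.0.0.0/0", "allow"),
]
# Corrective action: also permit the physical IP (the hanetconfig -e address),
# in both directions.
CORRECTED = VIRTUAL_ONLY + [
    Rule(PHYSICAL + "/32", "0.0.0.0/0", "allow"),
    Rule("0.0.0.0/0", PHYSICAL + "/32", "allow"),
]

if __name__ == "__main__":
    print("virtual only:", blocked_flows(VIRTUAL_ONLY, PHYSICAL, VIRTUAL, REMOTE))
    print("corrected:   ", blocked_flows(CORRECTED, PHYSICAL, VIRTUAL, REMOTE))
```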