Re: Whacky Iptables Wizardry

[Lucas J Barbuto <lucas@stabat.com>]

Hi All,

Thanks again Tarragon.

> Ok, that makes more sense. Yes, it could be done, again I'd look at the 
> transparent proxy iptables rules for some guidelines... Messy, and
> probably a little slow, but it should work.

Great, I'll look into it.

> Note that, as far as your servers will be concerned, all traffic will be 
> originating from the 238 address for the duration of the outage.

Thanks for this tip.

> What does the arp table look like when it stops working? It might be that arp 
> is saying "hey, there are two addresses on the same MAC" and removes one. 
> Maybe putting a static entry in for both addresses on that MAC might work?

I can't remember, I'm pretty sure both entries were still there, one
with an 'M' for manual next to it.  I'll try it out again but with two
static entries and see what happens this time.  Isn't it a little
kludgey doing it this way though?  I wonder why the proxy ARP doesn't
work properly...

Regards,

Lucas