2
# Synchronizer settings
6
# Entries committed to the connection tracking table
7
# starts with a limited timeout of N seconds until the
8
# takeover process is completed.
14
# Multicast IP and interface where messages are
15
# broadcasted (dedicated link). IMPORTANT: Make sure
16
# that iptables accepts traffic for destination
19
# iptables -I INPUT -d 225.0.0.50 -j ACCEPT
20
# iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
23
IPv4_address 225.0.0.50
24
IPv4_interface 192.168.100.200 # IP of dedicated link
28
# The multicast sender uses a buffer to enqueue the packets
29
# that are going to be transmitted. The default size of this
30
# socket buffer is available at /proc/sys/net/core/wmem_default.
31
# This value determines the chances to have an overrun in the
32
# sender queue. The overrun results packet loss, thus, losing
33
# state information that would have to be retransmitted. If you
34
# notice some packet loss, you may want to increase the size
35
# of the sender buffer. Note: This protocol is best effort,
36
# really recommended to increase the buffer size.
38
McastSndSocketBuffer 1249280
40
# The multicast receiver uses a buffer to enqueue the packets
41
# that the socket is pending to handle. The default size of this
42
# socket buffer is available at /proc/sys/net/core/rmem_default.
43
# This value determines the chances to have an overrun in the
44
# receiver queue. The overrun results packet loss, thus, losing
45
# state information that would have to be retransmitted. If you
46
# notice some packet loss, you may want to increase the size of
47
# the receiver buffer. Note: This protocol is best effort,
48
# really recommended to increase the buffer size.
50
McastRcvSocketBuffer 1249280
53
# Enable/Disable message checksumming
56
# Uncomment this if you want to replicate just certain TCP states.
57
# This option introduces a tradeoff in the replication: it reduces
58
# CPU consumption and lost messages rate at the cost of having
59
# backup replicas that don't contain the current state that the active
60
# replica holds. TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
61
# FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSE, LISTEN.
63
# Replicate ESTABLISHED TIME_WAIT for TCP
65
# If you have a multiprimary setup (active-active) without connection
66
# persistency, ie. you can't know which firewall handles a packet
67
# that is part of a connection, then you need direct commit of
68
# conntrack entries to the kernel conntrack table. OSPF setups must
69
# set on this option. Default is Off.
71
# CacheWriteThrough On
79
# Number of buckets in the caches: hash table
84
# Maximum number of conntracks:
85
# it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
90
# Logfile: on, off, or a filename
91
# Default: on (/var/log/conntrackd.log)
96
# Syslog: on, off or a facility name (daemon (default) or local0..7)
104
LockFile /var/lock/conntrack.lock
107
# Unix socket configuration
115
# Netlink socket buffer size
117
SocketBufferSize 262142
120
# Increase the socket buffer up to maximum if required
122
SocketBufferSizeMaxGrown 655355
126
# Ignore traffic for a certain set of IP's: Usually
127
# all the IP assigned to the firewall since local
128
# traffic must be ignored, just forwarded connections
129
# are worth to replicate
132
IPv4_address 127.0.0.1 # loopback
133
IPv4_address 192.168.0.2
134
IPv4_address 192.168.1.2
135
IPv4_address 192.168.100.200 # dedicated link ip
136
IPv4_address 192.168.0.200 # virtual IP 1
137
IPv4_address 192.168.1.200 # virtual IP 2
141
# Do not replicate certain protocol traffic
148
# numeric numbers also valid