When using Corosync with two rings via multi-cast addresses 226.94.1.1 (Port 
5405) & 226.94.1.2 (Port 5406) what iptables rules are required to allow two 
nodes to communicate optimally without giving any undue access and making the 
rules too lenient?

I currently have:

iptables -A INPUT -p udp -m multiport --dports 5404,5405,5406 -j ACCEPT

Will that allow all the communication a Corosync/Pacemaker setup requires for 
both rings?

I have heard arguments that something like:

iptables -I INPUT 1 -m pkttype --pkt-type multicast -j ACCEPT

is required. However I cannot seem to replicate a situation where this assists 
if the first rule I listed above is already in place.

The Red Hat documentation would seem to support the first approach. There is 
some IBM documentation espousing the second but is it just a case of a rule 
that is far too lenient when the first would do the job equally well whilst 
leaving no unnecessary ports open?
_______________________________________________
discuss mailing list
[email protected]
http://lists.corosync.org/mailman/listinfo/discuss
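As an added example (not from the original post or the Corosync project), the script below generates INPUT rules that are tighter than either rule in the question: each ring's traffic is accepted only from the cluster subnet, only to that ring's multicast group, and only on its UDP port pair (mcastport plus mcastport-1, which corosync.conf(5) also reserves), whereas `--pkt-type multicast` accepts any multicast packet on any port and so adds nothing once a port-based rule exists. The cluster subnet 192.0.2.0/24 and the function names are constructed for the example; the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of the original post: emit per-ring iptables rules
# scoped to the cluster subnet, the ring's multicast group and its port pair.
CLUSTER_NET="${CLUSTER_NET:-192.0.2.0/24}"   # constructed example subnet
RINGS="226.94.1.1:5405 226.94.1.2:5406"      # mcastaddr:mcastport per ring, from the question

# Print ACCEPT rules for each ring. Arguments: subnet, then "group:port" entries.
corosync_rules() {
  net="$1"; shift
  for ring in "$@"; do
    group="${ring%%:*}"
    port="${ring##*:}"
    lo=$((port - 1))
    # multicast receives: only from cluster peers, only to this ring's group and port
    echo "iptables -A INPUT -s $net -d $group -p udp --dport $port -j ACCEPT"
    # mcastport-1, which corosync also binds (corosync.conf(5)); peers only, no group match
    echo "iptables -A INPUT -s $net -p udp --dport $lo -j ACCEPT"
  done
}

# Number of rules emitted for a ruleset (two per ring), for contrast with one blanket rule.
rule_count() { corosync_rules "$@" | wc -l | tr -d ' '; }

# shellcheck disable=SC2086
corosync_rules "$CLUSTER_NET" $RINGS
```

Pipe the output into `sh` on each node once the subnet matches the interfaces the rings actually use, and keep the default INPUT policy at DROP so the narrowing has effect.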
