Hi All,

I am trying to set up a very simple logstash test. I am following the book and I have been successful with getting a server going with one instance of each element in the ELK stack. Successful as long as I turn off iptables!
Since this is not an option, I need some guidance as to what ports I need to have open. This is the iptables status:

root # service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target               prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target               prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target               prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
4    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:536
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:9200:9400
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9302
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9303
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9304
17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9305
18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5514
19   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6379
20   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9300
21   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9301
22   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9200
23   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9292
24   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:537
25   ACCEPT     tcp  --  172.27.104.0/24      0.0.0.0/0
26   ACCEPT     tcp  --  172.27.80.0/25       0.0.0.0/0
27   ACCEPT     tcp  --  0.0.0.0/0            224.2.2.4
28   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

It seems to have something to do with discovery in the elasticsearch initialization. After logstash is running I can turn iptables on and it continues to work. Does anyone have a suggestion on what iptables might be blocking? I could do a workaround to start iptables after logstash and elasticsearch are up and running, but that doesn't seem right. I can send logs if that would help.

This is the system and versions:

Red Hat Enterprise Linux Server release 6.5 (Santiago)

Logstash Version:
# /opt/logstash/bin/logstash --version
logstash 1.4.2-modified

Elasticsearch Version: from the elasticsearch logs
version[1.2.1], pid[17907], build[6c95b75/2014-06-03T15:02:52Z]

Redis version 2.4.10

Thanks
Lois
