https://bugzilla.redhat.com/show_bug.cgi?id=795061
Look at IPTablesConfig in the vdc_options table. ----- Original Message ----- > From: "Mike Burns" <[email protected]> > To: "Andrew Wells" <[email protected]> > Cc: "users" <[email protected]>, [email protected] > Sent: Saturday, March 24, 2012 7:19:26 PM > Subject: Re: [Users] [node-devel] iptables configuration is bad with bonded > network, fails to start Fedora 16 > > This is not ovirt-node from the description, forwarding on to > [email protected]. > > Mike > > On Sat, 2012-03-24 at 17:28 -0400, Andrew Wells wrote: > > when I start with fedora 16 with vdsm installed, the iptables > > configuration is generated but iptables does not start. I am using > > the > > stable ovirt-engine.repo > > > > > > [root@node1 ~]# service iptables status > > Redirecting to /bin/systemctl status iptables.service > > iptables.service - IPv4 firewall with iptables > > Loaded: loaded > > (/lib/systemd/system/iptables.service; enabled) > > Active: failed since Sat, 24 Mar 2012 > > 15:36:49 -0400; 1h 40min ago > > Main PID: 895 (code=exited, > > status=1/FAILURE) > > CGroup: > > name=systemd:/system/iptables.service > > > > > > > > > > > > > > [root@node1 ~]# cat /etc/sysconfig/iptables > > # oVirt default firewall configuration. Automatically > > generated by vdsm bootstrap script. > > *filter > > :INPUT ACCEPT [0:0] > > :FORWARD ACCEPT [0:0] > > :OUTPUT ACCEPT [0:0] > > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > > -A INPUT -p icmp -j ACCEPT > > -A INPUT -i lo -j ACCEPT > > # vdsm > > -A INPUT -p tcp --dport 54321 -j ACCEPT > > # libvirt tls > > -A INPUT -p tcp --dport 16514 -j ACCEPT > > # SSH > > -A INPUT -p tcp --dport 22 -j ACCEPT > > # guest consoles > > -A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT > > # migration > > -A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT > > # snmp > > -A INPUT -p udp --dport 161 -j ACCEPT > > # Reject any other input traffic > > -A INPUT -j REJECT --reject-with icmp-host-prohibited > > -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT > > --reject-with icmp-host-prohibited > > COMMIT > > _______________________________________________ > > node-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/node-devel > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ node-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/node-devel
