On 06/02/2011 04:23 PM, imnotpc wrote:
> On Thursday, June 02, 2011 15:59:41 Digimer wrote:
>> On 06/02/2011 03:55 PM, imnotpc wrote:
>>> I'm a new user with a simple question which I could not find an answer to
>>> in the docs. The Clusters from Scratch document tells you to disable
>>> iptables and I've inadvertently found out why when I loaded my standard
>>> firewall script and broke my cluster. My question is: Is the
>>> corosync/pacemaker stack inherently incompatible with iptables or are
>>> there just certain iptables modules or configurations that cause
>>> problems?
>>>
>>> Thanks, Jeff
>>
>> You just need to know the ports to open. Here is the list of ones I know
>> of:
>>
>> Port                 Protocol  Component
>> 5404, 5405           UDP       cman
>> 8084, 5405           TCP       luci
>> 11111                TCP       ricci
>> 14567                TCP       gnbd
>> 16851                TCP       modclusterd
>> 21064                TCP       dlm
>> 50006, 50008, 50009  TCP       ccsd
>> 50007                UDP       ccsd
>>
>> Note that this is from a RHCS2 (openais) perspective. I may be missing
>> pacemaker-specific ones.
>
> Appreciate the quick response. It's good to know iptables can work. I can't
> imagine no firewall even on an internal box. In my configuration everything
> (nearly) that gets blocked gets logged so now I need to find out why I'm not
> seeing any of these ports show up in my firewall log.

On second thought, those are *all* RHCS specific ports. That would explain
why you are not seeing them. I need more coffee...

In your openais/corosync config, you will have defined an IP address and
port for each ring. Check there and make sure those ports are open.

-- 
Digimer
E-Mail: [email protected]
Freenode handle: digimer
Papers and Projects: http://alteeve.com
Node Assassin: http://nodeassassin.org
"I feel confined, only free to expand myself within boundaries."
_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
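
The check suggested above, as an added example that is not part of the original thread: a shell function that reads the interface blocks of a corosync.conf and prints one iptables ACCEPT rule per ring. corosync uses UDP ports mcastport and mcastport - 1; the sample config, its addresses and the shared /24 prefix length are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): derive iptables rules from corosync.conf.
# Assumes IPv4 rings that all share one prefix length, passed as $1.

# Constructed sample config with two rings; addresses and ports are made up.
sample_conf() {
cat <<'EOF'
totem {
    version: 2
    interface {
        ringnumber: 0
        bindnetaddr: 10.20.0.0
        mcastaddr: 226.94.1.1
        mcastport: 5405
    }
    interface {
        ringnumber: 1
        bindnetaddr: 10.30.0.0   # second ring
        mcastaddr: 226.94.1.2
        mcastport: 5407
    }
}
EOF
}

# Reads corosync.conf on stdin and prints one rule per interface{} block.
# Rules are printed, not applied, so they can be reviewed first.
corosync_fw_rules() {
    awk -v plen="$1" '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
    { sub(/#.*/, "") }                                   # drop comments
    /^[ \t]*interface[ \t]*\{/ { depth = 1; ring = net = port = ""; next }
    depth > 0 {
        if ($0 ~ /\{/) depth++                           # nested block, e.g. member{}
        if ($0 ~ /ringnumber[ \t]*:/)  ring = val($0)
        if ($0 ~ /bindnetaddr[ \t]*:/) net  = val($0)
        if ($0 ~ /mcastport[ \t]*:/)   port = val($0)
        if ($0 ~ /\}/ && --depth == 0) {
            # Emit only well-formed values; ports are mcastport - 1 and mcastport (UDP).
            if (ring ~ /^[0-9]+$/ && port ~ /^[0-9]+$/ && net ~ /^[0-9.]+$/ && plen ~ /^[0-9]+$/)
                printf "iptables -A INPUT -p udp -s %s/%s -m multiport --dports %d,%d -j ACCEPT\n", net, plen, port - 1, port
            else
                print "skipped ring \"" ring "\": unexpected value" > "/dev/stderr"
        }
    }'
}

sample_conf | corosync_fw_rules 24
```

Values that do not look like a number or a dotted address are skipped, so nothing from the config file reaches the rule text unchecked.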
