On Thursday, June 02, 2011 16:30:55 Digimer wrote:
> On 06/02/2011 04:23 PM, imnotpc wrote:
> > On Thursday, June 02, 2011 15:59:41 Digimer wrote:
> >> On 06/02/2011 03:55 PM, imnotpc wrote:
> >>> I'm a new user with a simple question which I could not find an answer
> >>> to in the docs. The Clusters from Scratch document tells you to
> >>> disable iptables and I've inadvertently found out why when I loaded my
> >>> standard firewall script and broke my cluster. My question is: Is the
> >>> corosync/pacemaker stack inherently incompatible with iptables or are
> >>> there just certain iptables modules or configurations that cause
> >>> problems?
> >>>
> >>> Thanks, Jeff
> >>
> >> You just need to know the ports to open. Here is the list of ones I know
> >> of:
> >>
> >> Port                 Protocol  Component
> >> 5404, 5405           UDP       cman
> >> 8084, 5405           TCP       luci
> >> 11111                TCP       ricci
> >> 14567                TCP       gnbd
> >> 16851                TCP       modclusterd
> >> 21064                TCP       dlm
> >> 50006, 50008, 50009  TCP       ccsd
> >> 50007                UDP       ccsd
> >>
> >> Note that this is from a RHCS2 (openais) perspective. I may be missing
> >> pacemaker-specific ones.
> >
> > Appreciate the quick response. It's good to know iptables can work. I
> > can't imagine no firewall even on an internal box. In my configuration
> > everything (nearly) that gets blocked gets logged so now I need to find
> > out why I'm not seeing any of these ports show up in my firewall log.
>
> On second thought, those are *all* RHCS specific ports. That would
> explain why you are not seeing them. I need more coffee...
>
> In your openais/corosync config, you will have defined an IP address and
> port for each ring. Check there and make sure those ports are open.

Don't feel bad, at least you didn't do anything as dumb as I did. When I set the port in corosync.conf I also created a rule in my firewall script... a DROP rule... like I use for annoying MS broadcast traffic. That's why it never reached my logs or its destination. aarrgghh!!

Thanks again...
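
An added example, not part of the original thread: a small audit that reads the ring port from corosync.conf and reports which INPUT rule decides its fate first, which is how a silent DROP placed ahead of the logging rule shows up. The sample config, the ruleset and all function names are constructed for illustration, and the matcher only understands `-p`, `--dport`/`--dports` and skips rules scoped with `-i` or `-s`.

```python
import re

# Constructed sample inputs (not from the thread).
COROSYNC_CONF = """\
totem {
    interface {
        mcastport: 5405
    }
}
"""
IPTABLES_SAVE = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 5405 -j DROP
-A INPUT -p udp -m multiport --dports 5404,5405 -j ACCEPT
-A INPUT -j LOG --log-prefix "blocked: "
-A INPUT -j DROP
"""

def ring_ports(conf):
    """corosync uses mcastport (receive) and mcastport - 1 (send), both UDP."""
    found = {int(p) for p in re.findall(r"^\s*mcastport:\s*(\d+)", conf, re.M)}
    return sorted(found | {p - 1 for p in found})

def matches(rule, port, proto):
    """Does the rule cover proto/port? Interface- or source-scoped rules are ignored."""
    p = re.search(r"(?:^|\s)-p\s+(\S+)", rule)
    d = re.search(r"--dports?\s+(\S+)", rule)
    if re.search(r"\s-[is]\s", rule) or (p and p.group(1) != proto):
        return False
    if not d:
        return True  # no port match: the rule covers every port
    spans = (s.partition(":") for s in d.group(1).split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in spans)

def first_verdict(rules, port, proto="udp"):
    """(rule number, target) of the first terminating INPUT rule that matches."""
    chain = [r for r in rules.splitlines() if r.startswith("-A INPUT")]
    for n, rule in enumerate(chain, 1):
        t = re.search(r"-j\s+(ACCEPT|DROP|REJECT)\b", rule)
        if t and matches(rule, port, proto):
            return n, t.group(1)
    return None, "POLICY"  # nothing matched: the chain policy decides

def audit(conf, rules):
    return {port: first_verdict(rules, port) for port in ring_ports(conf)}

if __name__ == "__main__":
    for port, (n, target) in audit(COROSYNC_CONF, IPTABLES_SAVE).items():
        print(f"udp/{port}: first match is rule {n} -> {target}")
```

On a live node the same functions can be fed the contents of /etc/corosync/corosync.conf and the output of `iptables-save`.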
