[Pacemaker] How SuSEfirewall2 affects on openais startup?

Gianluca Cecchi gianluca.cecchi at gmail.com
Thu May 13 03:19:35 EDT 2010


On Thu, May 13, 2010 at 8:27 AM, Tim Serong <tserong at novell.com> wrote:

> Hi,
>
> On 5/13/2010 at 03:56 PM, Aleksey Zholdak <aleksey at zholdak.com> wrote:
> > > The firewall should let through the UDP multicast traffic on
> > > ports mcastport and mcastport+1.
> >
> > As I wrote above: all interfaces in SuSEfirewall2 is set to "Internal
> > zone". So, how can I "open" these ports if it already opened?
> >
>
> Just to double check, I assume "Internal zone" does not have any
> firewall rules applied to it?  If you go to "Allowed Services" in the
> YaST2 firewall config app, it should show everything greyed-out or
> allowed for Internal Zone.
>
> (Disclaimer: my major experience with SuSEfirewall2 is opening the ssh
> port on a system I care about, and turning the firewall off completely
> on my test cluster systems, because they're inside networks I trust)
>
> You said earlier that openais starts OK if you have the firewall on,
> but resources do not run.  What does the output of "crm_mon -r1" show
> in this case?
>
> Regards,
>
> Tim
>
>
>
As the SuSEfirewall2 firewall is based on iptables rules, I think you can
run a loop such as this to get the actual configuration in place:

for table in filter nat mangle raw ; do
    echo "--- $table ---"
    iptables -t "$table" -L -n
done > /tmp/iptables.log

and send to the list the contents of /tmp/iptables.log if there are no
sensitive ip/information in it...
Or perhaps the file /etc/sysconfig/SuSEfirewall2 already contains all the
information needed to check configuration from an iptables point of view

HIH,
Gianluca
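As an added example (not code from this thread, nor from the Pacemaker or SuSEfirewall2 projects), the following script wraps the dump loop above and then checks such a dump for explicit ACCEPT rules covering UDP mcastport and mcastport+1, the two ports the thread says openais needs. The function names, the 5405 sample port and the sample iptables output are all constructed for the example; the real mcastport comes from your openais.conf.

```shell
#!/bin/sh
# Added example, not code from the original thread. It dumps the
# iptables tables the way the loop in the message does and checks
# such a dump for ACCEPT rules covering the openais multicast ports
# mcastport and mcastport+1. The 5405 below is a constructed sample.

dump_iptables() {
    # $1 = destination file; one "--- <table> ---" header per table
    for table in filter nat mangle raw; do
        echo "--- $table ---"
        iptables -t "$table" -L -n
    done > "$1" 2>&1
}

# udp_port_accepted PORT DUMPTEXT
# Exit 0 if a chain of the filter table in DUMPTEXT has an ACCEPT
# rule for udp whose dpt:N or dpts:A:B covers PORT. Only explicit UDP
# rules count: a zone that accepts everything (the "Internal zone"
# case discussed above) shows as a catch-all rule and does not match.
udp_port_accepted() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /^--- / { table = $2 }
        table == "filter" && $1 == "ACCEPT" && $2 == "udp" {
            if (match($0, /dpt:[0-9]+/)) {
                if (substr($0, RSTART + 4, RLENGTH - 4) + 0 == p + 0) found = 1
            } else if (match($0, /dpts:[0-9]+:[0-9]+/)) {
                split(substr($0, RSTART + 5, RLENGTH - 5), r, ":")
                if (r[1] + 0 <= p + 0 && p + 0 <= r[2] + 0) found = 1
            }
        }
        END { if (found) exit 0; exit 1 }
    '
}

# mcast_ports_accepted MCASTPORT DUMPTEXT: both mcastport and mcastport+1
mcast_ports_accepted() {
    udp_port_accepted "$1" "$2" && udp_port_accepted "$(($1 + 1))" "$2"
}

# Constructed sample dump (not captured from a real host): the filter
# table opens UDP 5405 and 5500-5510 only, so 5406 is missing.
SAMPLE_DUMP=$(cat <<'EOF'
--- filter ---
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5405
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:5500:5510
EOF
)
```

On a live node, run dump_iptables /tmp/iptables.log and then mcast_ports_accepted with your mcastport and "$(cat /tmp/iptables.log)"; a miss only means no explicit UDP rule was found, so read the dump for catch-all zone rules before concluding the ports are blocked.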