[Pacemaker] New to Pacemaker - Firewall Question

Andrew Beekhof andrew at beekhof.net
Fri Apr 16 11:59:34 EDT 2010


On Thu, Apr 15, 2010 at 5:37 PM, Jake Bogie <jbogie at suresource.com> wrote:
> Hey All,
>
> I’m trying to learn some more about Clusters for some research I’m doing.
> First thing I need to say is this project is absolutely AWESOME!!!
>
> I’ve installed and enabled the Pacemaker system and I have it running.
>
> The issue I am dealing with is that whenever IPTABLES is enabled the cluster
> nodes cannot see one another. If I flush all of the rules from IPTABLES the
> nodes talk to one another perfectly fine.
>
> I have two ring interfaces:
>
>         interface {
>                 ringnumber: 0
>                 bindnetaddr:172.16.103.0
>                 mcastaddr:224.1.0.1
>                 mcastport:4000
>         }
>         interface {
>                 ringnumber: 1
>                 bindnetaddr:172.16.104.0
>                 mcastaddr:224.2.0.1
>                 mcastport:4000
>         }
>
> And I added the following rules to IPTABLES:
>
> -A RH-Firewall-1-INPUT -p udp -d 224.1.0.1 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -d 224.2.0.1 -j ACCEPT
> #-A RH-Firewall-1-INPUT -p udp --dport 4000 -d 224.1.0.1 -j ACCEPT
> #-A RH-Firewall-1-INPUT -p udp --dport 4000 -d 224.2.0.1 -j ACCEPT
>
> The two commented out rules didn’t work so I tried the two above.
>
> What am I missing here?

IIRC, you need 4000 _and_ 4001.

No, it's not at all obvious that this is required :-)
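
Added example, not part of the original thread or of the Pacemaker project's code: a Python script that reads the interface blocks from the question and emits one iptables rule per ring covering mcastport and the adjacent port named in the reply. The function names, the /24 prefix and the choice to match on the ring's source subnet instead of the multicast destination are assumptions of this example.

```python
import re

# Constructed sample: the two interface blocks quoted in the question.
SAMPLE_CONF = """
interface {
        ringnumber: 0
        bindnetaddr: 172.16.103.0
        mcastaddr: 224.1.0.1
        mcastport: 4000
}
interface {
        ringnumber: 1
        bindnetaddr: 172.16.104.0
        mcastaddr: 224.2.0.1
        mcastport: 4000
}
"""

def parse_interfaces(conf):
    """Return one dict of key/value settings per interface { ... } block."""
    rings = []
    for body in re.findall(r"interface\s*\{([^{}]*)\}", conf):
        pairs = re.findall(r"^\s*(\w+)\s*:\s*(\S+)\s*$", body, re.M)
        rings.append(dict(pairs))
    return rings

def ring_rules(conf, chain="RH-Firewall-1-INPUT", offsets=(0, 1), prefix=24):
    """Build iptables-save style lines, one per ring, for mcastport + offsets.

    offsets=(0, 1) follows the reply (4000 and 4001). corosync.conf(5)
    describes the second port as mcastport - 1, so check the man page for
    your version and pass offsets=(-1, 0) if that is what it documents.
    prefix is an assumed netmask; the thread does not state one.
    """
    rules = []
    for ring in parse_interfaces(conf):
        base = int(ring["mcastport"])
        ports = ",".join(str(p) for p in sorted({base + o for o in offsets}))
        rules.append(
            f"-A {chain} -s {ring['bindnetaddr']}/{prefix} -p udp "
            f"-m multiport --dports {ports} -j ACCEPT"
        )
    return rules

if __name__ == "__main__":
    print("\n".join(ring_rules(SAMPLE_CONF)))
```

The generated lines must sit above the chain's final REJECT or DROP rule to take effect.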