[ClusterLabs] Clustered LVM with iptables issue

Digimer lists at alteeve.ca
Thu Sep 10 19:01:05 EDT 2015


On 10/09/15 06:54 PM, Noel Kuntze wrote:
> 
> Hello Digimer,
> 
> I initially assumed you were familiar with ss or netstat and simply
> forgot about them.
> Seems I was wrong.
> 
> Check the output of this: `ss -tpn` and `ss -upn`.
> Those commands give you the current open TCP and UDP connections,
> as well as the program that opened the connection.
> Check listening sockets with `ss -tpnl` and `ss -upnl`

I'm not so strong on the network side of things, so I am not very
familiar with ss or netstat.

I have clvmd running:

====
[root at node1 ~]# /etc/init.d/clvmd status
clvmd (pid  3495) is running...
Clustered Volume Groups: (none)
Active clustered Logical Volumes: (none)
====

Though I don't seem to see anything:

====
[root at node1 ~]# ss -tpnl
State      Recv-Q Send-Q                       Local Address:Port
                  Peer Address:Port
LISTEN     0      5                                       :::11111
                            :::*      users:(("ricci",2482,3))
LISTEN     0      128                              127.0.0.1:199
                             *:*      users:(("snmpd",2020,8))
LISTEN     0      128                                     :::111
                            :::*      users:(("rpcbind",1763,11))
LISTEN     0      128                                      *:111
                             *:*      users:(("rpcbind",1763,8))
LISTEN     0      128                                      *:48976
                             *:*      users:(("rpc.statd",1785,8))
LISTEN     0      5                                       :::16851
                            :::*      users:(("modclusterd",2371,5))
LISTEN     0      128                                     :::55476
                            :::*      users:(("rpc.statd",1785,10))
LISTEN     0      128                                     :::22
                            :::*      users:(("sshd",2037,4))
LISTEN     0      128                                      *:22
                             *:*      users:(("sshd",2037,3))
LISTEN     0      100                                    ::1:25
                            :::*      users:(("master",2142,13))
LISTEN     0      100                              127.0.0.1:25
                             *:*      users:(("master",2142,12))
====

====
[root at node1 ~]# ss -tpn
State      Recv-Q Send-Q                       Local Address:Port
                  Peer Address:Port
ESTAB      0      0                           192.168.122.10:22
                 192.168.122.1:53935  users:(("sshd",2636,3))
ESTAB      0      0                           192.168.122.10:22
                 192.168.122.1:53934  users:(("sshd",2613,3))
ESTAB      0      0                               10.10.10.1:48985
                    10.10.10.2:7788
ESTAB      0      0                               10.10.10.1:7788
                    10.10.10.2:51681
ESTAB      0      0                        ::ffff:10.20.10.1:16851
             ::ffff:10.20.10.2:43553  users:(("modclusterd",2371,6))
====

====
[root at node1 ~]# ss -upn
State      Recv-Q Send-Q                       Local Address:Port
                  Peer Address:Port
====

I ran all three again and routed output to a file, stopped clvmd and
re-ran the three calls to a different file. I diff'ed the resulting
files and saw nothing of interest:

====
[root at node1 ~]# /etc/init.d/clvmd status
clvmd (pid  3495) is running...
Clustered Volume Groups: (none)
Active clustered Logical Volumes: (none)
====

====
[root at node1 ~]# ss -tpnl > tpnl.on
[root at node1 ~]# ss -tpn > tpn.on
[root at node1 ~]# ss -upn > upn.on
====

====
[root at node1 ~]# /etc/init.d/clvmd stop
Signaling clvmd to exit                                    [  OK  ]
clvmd terminated                                           [  OK  ]
====

====
[root at node1 ~]# ss -tpnl > tpnl.off
[root at node1 ~]# ss -tpn > tpn.off
[root at node1 ~]# ss -upn > upn.off
[root at node1 ~]# diff -U0 tpnl.on tpnl.off
[root at node1 ~]# diff -U0 tpn.on tpn.off
[root at node1 ~]# diff -U0 upn.on upn.off
====

I'm reading up on 'multiport' now and will adjust my iptables. It does
look a lot cleaner.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
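
The on/off snapshot comparison described in the message above, as an added example that is not part of the original post: a Python parser for `ss -tpn`/`ss -tpnl`/`ss -upn` output that tolerates wrapped rows and compares two snapshots as sets of sockets with their owning process. The function names, the `exampled` daemon and port 5000 are assumptions made up for illustration.

```python
import re

# Owner field printed by `ss -p`, e.g. users:(("sshd",2037,3))
USERS = re.compile(r'users:\(\("([^"]+)"')

def parse_ss(text):
    """Parse `ss -tpn`, `ss -tpnl` or `ss -upn` output into a set of
    (state, local, peer, process); process is None when ss names no owner."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or "Address:Port" in line:
            continue                        # blank line or (wrapped) header
        if line[0].isspace() and rows:
            rows[-1] += " " + line.strip()  # continuation of a wrapped row
        else:
            rows.append(line.strip())
    sockets = set()
    for row in rows:
        fields = row.split()
        if len(fields) >= 5:                # State Recv-Q Send-Q Local Peer ...
            owner = USERS.search(row)
            sockets.add((fields[0], fields[3], fields[4],
                         owner.group(1) if owner else None))
    return sockets

def snapshot_diff(before, after):
    """Return (sockets only in `before`, sockets only in `after`)."""
    a, b = parse_ss(before), parse_ss(after)
    return sorted(a - b, key=str), sorted(b - a, key=str)

def listening_ports(text, process):
    """Ports the named process listens on (TCP LISTEN or UDP UNCONN)."""
    return sorted({int(local.rsplit(":", 1)[1])
                   for state, local, _, owner in parse_ss(text)
                   if state in ("LISTEN", "UNCONN") and owner == process})

# Constructed snapshots (wrapped layout as mailed); "exampled" and 5000 are made up.
OFF = """\
State      Recv-Q Send-Q        Local Address:Port
                  Peer Address:Port
LISTEN     0      128                       *:22
                             *:*      users:(("sshd",2037,3))
ESTAB      0      0                10.10.10.1:7788
                    10.10.10.2:51681
"""
ON = OFF + """\
LISTEN     0      5                        :::5000
                            :::*      users:(("exampled",3495,7))
"""
```

Calling `snapshot_diff(ON, OFF)` lists the sockets that closed when the service stopped; an empty result on both sides matches the empty `diff -U0` output in the message, meaning the stopped daemon owned no TCP or UDP socket that `ss` could attribute to it.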



