On Thu, May 13, 2010 at 8:27 AM, Tim Serong <tser...@novell.com> wrote:
> Hi,
>
> On 5/13/2010 at 03:56 PM, Aleksey Zholdak <alek...@zholdak.com> wrote:
> > > The firewall should let through the UDP multicast traffic on
> > > ports mcastport and mcastport+1.
> >
> > As I wrote above: all interfaces in SuSEfirewall2 are set to "Internal
> > zone". So, how can I "open" these ports if they are already opened?
> >
>
> Just to double check, I assume "Internal zone" does not have any
> firewall rules applied to it? If you go to "Allowed Services" in the
> YaST2 firewall config app, it should show everything greyed-out or
> allowed for Internal Zone.
>
> (Disclaimer: my major experience with SuSEfirewall2 is opening the ssh
> port on a system I care about, and turning the firewall off completely
> on my test cluster systems, because they're inside networks I trust)
>
> You said earlier that openais starts OK if you have the firewall on,
> but resources do not run. What does the output of "crm_mon -r1" show
> in this case?
>
> Regards,
>
> Tim
>

As the SuSEfirewall2 firewall is based on iptables rules, I think you can
run a loop such as this to get the actual configuration in place:

    for table in filter nat mangle raw; do echo "--- $table ---"; iptables -t "$table" -L -n; done > /tmp/iptables.log

and send to the list the contents of /tmp/iptables.log if there is no
sensitive IP/information in it...
Or perhaps the file /etc/sysconfig/SuSEfirewall2 already contains all the
information needed to check configuration from an iptables point of view.

HIH,
Gianluca
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
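
One way to read the resulting /tmp/iptables.log for the two ports mentioned in the thread (mcastport and mcastport+1), as an added example that is not part of the original messages. The function name, the sample dump and the port value 5405 are constructed for illustration. Assumptions: only the filter table's INPUT chain is examined, and rules restricted by source/destination address or by other matches (state, limit, ...) are skipped rather than evaluated, since "iptables -L -n" without -v also hides the interface a rule is bound to.

```bash
#!/usr/bin/env bash
# Added example. Reads a dump produced by the loop above (sections marked
# "--- <table> ---") and reports what filter/INPUT does with UDP traffic
# to mcastport and mcastport+1. A verdict that is a chain name (not
# ACCEPT/DROP/REJECT) means the decision is made in that user-defined chain.
check_mcast_ports() {   # usage: check_mcast_ports <mcastport> < dump
  awk -v base="$1" '
    # Does the text after the destination column apply to UDP port "port"?
    function covers(extra, port,   r) {
      if (extra == "") return 1
      if (extra ~ /^udp dpt:[0-9]+$/) return substr(extra, 9) + 0 == port
      if (extra ~ /^udp dpts:[0-9]+:[0-9]+$/) {
        split(substr(extra, 10), r, ":")
        return port >= r[1] + 0 && port <= r[2] + 0
      }
      return 0   # state, limit, ... matches are not evaluated here
    }
    /^--- /   { table = $2; in_input = 0; next }
    /^Chain / {
      in_input = (table == "filter" && $2 == "INPUT")
      if (in_input) { policy = $4; sub(/\)/, "", policy) }
      next
    }
    !in_input || NF < 5 || $1 == "target" { next }
    ($2 != "udp" && $2 != "all") || $4 != "0.0.0.0/0" || $5 != "0.0.0.0/0" { next }
    {
      extra = ""
      for (i = 6; i <= NF; i++) extra = extra (i > 6 ? " " : "") $i
      # iptables is first-match: keep only the first rule covering each port
      for (p = base + 0; p <= base + 1; p++)
        if (!(p in verdict) && covers(extra, p)) verdict[p] = $1
    }
    END {
      for (p = base + 0; p <= base + 1; p++)
        print p, ((p in verdict) ? verdict[p] : "policy:" policy)
    }
  '
}

# Constructed sample dump (not taken from the thread): only mcastport is open.
sample_dump() {
cat <<'EOF'
--- filter ---
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:5405
DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_dump | check_mcast_ports 5405
```

On a real node, feed it the file from the loop: check_mcast_ports <mcastport> < /tmp/iptables.log, using the mcastport value from the cluster configuration.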