How is your networking setup? Are the nodes using bridged networking or simple NAT?
Out of curiosity, what's the virt solution you are using? (i.e. kvm, lc, openvz, vmware, virtualbox, ...)

--herson

On Oct 20, 2012, at 6:15 PM, Anuerin Diaz <[email protected]> wrote:

> Hi,
>
> I have 2 virtualized CentOS machines (lpdza1 and lpdza2) where I am
> setting up clustered WebLogic nodes. The current problem I have is that I
> cannot make the port 7028 in lpdza1 accept external connections. Connection
> from within lpdza1 works but I need lpdza2 to be able to access the admin
> port (7028). I have tried alternately disabling iptables and ip6tables, as
> well as flushing and stopping them to no avail. I have also tried configuring
> and disabling them from the desktop GUI (Administration->Security and
> Firewall settings, Administration->Services->restart). I have tried accessing
> from other virtual machines (Ubuntu, WindowsXP) to isolate that it is not a
> problem on the second machine (lpdza2).
>
> What am I missing? Below is the sequence of commands I executed which is
> based from http://wiki.centos.org/HowTos/Network/IPTables.
>
> ======================
>
> [root@lpdza1 ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> [root@lpdza1 ~]# netstat -an | grep 7028
> tcp 0 0 ::ffff:127.0.0.1:7028 :::*
> LISTEN
>
> [root@lpdza1 ~]# service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> num target prot opt source destination
>
>
> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
> [root@lpdza1 ~]# iptables -F
> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
> [root@lpdza1 ~]# iptables -P INPUT DROP
> [root@lpdza1 ~]# iptables -P FORWARD DROP
> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED
> -j ACCEPT
>
> [root@lpdza1 ~]# /sbin/service iptables save
> [root@lpdza1 ~]# /sbin/service iptables reload
> [root@lpdza1 ~]# /sbin/service iptables start
>
> [root@lpdza1 ~]# iptables -L -v
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 468 35641 ACCEPT tcp -- any any anywhere anywhere
> tcp dpt:ssh
> 13 708 ACCEPT tcp -- any any anywhere anywhere
> tcp dpt:7028
> 22 1299 ACCEPT all -- lo any anywhere anywhere
>
> 733 124K ACCEPT all -- eth0 any anywhere anywhere
>
> 0 0 ACCEPT all -- any any anywhere anywhere
> state NEW,RELATED,ESTABLISHED
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 1094 packets, 168K bytes)
> pkts bytes target prot opt in out source
> destination
>
>
> [root@lpdza1 ~]# ip6tables -P INPUT ACCEPT
> [root@lpdza1 ~]# ip6tables -F
> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
> [root@lpdza1 ~]# ip6tables -A INPUT -p tcp --dport 7028 -j ACCEPT
> [root@lpdza1 ~]# ip6tables -P INPUT DROP
> [root@lpdza1 ~]# ip6tables -P FORWARD DROP
> [root@lpdza1 ~]# ip6tables -P OUTPUT ACCEPT
> [root@lpdza1 ~]# ip6tables -A INPUT -i lo -j ACCEPT
> [root@lpdza1 ~]# ip6tables -A INPUT -i eth0 -j ACCEPT
> [root@lpdza1 ~]# ip6tables -A INPUT -m state --state NEW,ESTABLISHED,RELATED
> -j ACCEPT
>
> [root@lpdza1 ~]# /sbin/service ip6tables save
> [root@lpdza1 ~]# /sbin/service ip6tables reload
> [root@lpdza1 ~]# /sbin/service ip6tables start
>
> [root@lpdza1 ~]# iptables -P INPUT ACCEPT
> [root@lpdza1 ~]# iptables -F
> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -p tcp --dport 7028 -j ACCEPT
> [root@lpdza1 ~]# iptables -P INPUT DROP
> [root@lpdza1 ~]# iptables -P FORWARD DROP
> [root@lpdza1 ~]# iptables -P OUTPUT ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -i lo -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -i eth0 -j ACCEPT
> [root@lpdza1 ~]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED
> -j ACCEPT
>
> [root@lpdza1 ~]# /sbin/service iptables save
> [root@lpdza1 ~]# /sbin/service iptables reload
> [root@lpdza1 ~]# /sbin/service iptables start
>
>
> # test from first CentOS machine
>
> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 22
> Connection to lpdza1 22 port [tcp/ssh] succeeded!
> [root@lpdza1 ~]# nc -zv -w 2 lpdza1 7028
> Connection to lpdza1 7028 port [tcp/*] succeeded!
>
> #switch to second CentOS machine
> [adiaz@lpdza2 ~]$ ping -c 1 lpdza1
> PING lpdza1 (192.168.122.185) 56(84) bytes of data.
> 64 bytes from lpdza1 (192.168.122.185): icmp_seq=1 ttl=64 time=0.567 ms
>
> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 22
> Connection to lpdza1 22 port [tcp/ssh] succeeded!
> [adiaz@lpdza2 ~]$ nc -zv -w 2 lpdza1 7028
> nc: connect to lpdza1 port 7028 (tcp) failed: Connection refused
>
> ======================
>
> Any pointers are very much appreciated. Thank you.
>
> ciao!
>
> --
> "Programming, an artform that fights back"
>
> Anuerin G. Diaz
> Registered Linux User #246176
> http://ramfree17.net/capsule , when you absolutely have nothing else better
> to do
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
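
Added example, not part of the original thread: the netstat output in the quoted post shows port 7028 listening on ::ffff:127.0.0.1, a loopback address that no iptables rule can make reachable from lpdza2. The script below classifies a port's bind scope from `netstat -an` output; the function name `bind_scope` and every sample line other than the 7028 listener are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, reading `netstat -an` on stdin.
# Prints one of: all-interfaces | specific:<addr> | loopback-only | not-listening
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon (works for IPv4 and IPv6).
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                wild = 1                      # reachable on every interface
            else if (addr ~ /^(::ffff:)?127\./ || addr == "::1")
                loop = 1                      # reachable only from the host itself
            else
                other = addr                  # bound to one routable address
        }
        END {
            if (wild)             print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop)        print "loopback-only"
            else                  print "not-listening"
        }'
}

# Constructed sample: the first line is the listener from the post (wrapped
# line rejoined); the other two lines are made up for comparison.
SAMPLE='tcp 0 0 ::ffff:127.0.0.1:7028 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 192.168.122.185:7001 0.0.0.0:* LISTEN'

for p in 7028 22 7001 9999; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | bind_scope "$p")"
done
```

On a live host the same check is `netstat -an | bind_scope 7028`; a loopback-only result means the service's listen address has to change before any firewall rule matters.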

