Hi Lois,

I had the exact same problem, the discovery is running on udp 54328 by default <http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>, opening that port solved it for me.

Hope it helps
Linus

On Thursday, July 3, 2014 9:16:31 PM UTC+2, Lois Bennett wrote:
>
> Hi All
>
> I am trying to set up a very simple logstash test. I am following the
> book and I have been successful with getting a server going with one
> instance of each element in the ELK stack. Successful as long as I turn
> off iptables!
>
> Since this is not an option I need some guidance to what ports I need to
> have open.
>
> This is the iptables status:
> root # service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target               prot opt source              destination
> 1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0
>
> Chain FORWARD (policy ACCEPT)
> num  target               prot opt source              destination
> 1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0           0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> num  target               prot opt source              destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> num  target     prot opt source              destination
> 1    ACCEPT     all  --  0.0.0.0/0           0.0.0.0/0           state RELATED,ESTABLISHED
> 2    ACCEPT     all  --  0.0.0.0/0           0.0.0.0/0
> 3    ACCEPT     icmp --  0.0.0.0/0           0.0.0.0/0           icmp type 255
> 4    ACCEPT     esp  --  0.0.0.0/0           0.0.0.0/0
> 5    ACCEPT     ah   --  0.0.0.0/0           0.0.0.0/0
> 6    ACCEPT     udp  --  0.0.0.0/0           224.0.0.251         udp dpt:5353
> 7    ACCEPT     udp  --  0.0.0.0/0           0.0.0.0/0           udp dpt:631
> 8    ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:631
> 9    ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:22
> 10   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:80
> 11   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:443
> 12   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:536
> 13   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpts:9200:9400
> 14   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9302
> 15   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9303
> 16   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9304
> 17   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9305
> 18   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:5514
> 19   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:6379
> 20   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9300
> 21   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9301
> 22   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9200
> 23   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:9292
> 24   ACCEPT     tcp  --  0.0.0.0/0           0.0.0.0/0           state NEW tcp dpt:537
> 25   ACCEPT     tcp  --  172.27.104.0/24     0.0.0.0/0
> 26   ACCEPT     tcp  --  172.27.80.0/25      0.0.0.0/0
> 27   ACCEPT     tcp  --  0.0.0.0/0           224.2.2.4
> 28   REJECT     all  --  0.0.0.0/0           0.0.0.0/0           reject-with icmp-host-prohibited
>
> It seems to have something to do with discovery in the elasticsearch
> initialization. After logstash is running I can turn iptables on and it
> continues to work.
> Does anyone have a suggestion on what iptables might be blocking? I could
> do a work around to start iptables after logstash and elasticsearch are up
> and running but that doesn't seem right.
>
> I can send logs if that would help.
>
> This is the system and versions
>
> Red Hat Enterprise Linux Server release 6.5 (Santiago)
>
> Logstash Version:
> # /opt/logstash/bin/logstash --version
> logstash 1.4.2-modified
>
> Elasticsearch Version:
> from the elasticsearch logs
> version[1.2.1], pid[17907], build[6c95b75/2014-06-03T15:02:52Z]
>
> Redis version
> 2.4.10
>
> Thanks
> Lois
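
Added example (not part of the thread or of either poster's setup): a first-match evaluator over a constructed subset of the quoted RH-Firewall-1-INPUT rules, showing that rule 27 admits only TCP to 224.2.2.4, so UDP discovery traffic on port 54328 falls through to the REJECT in rule 28. The names `parse`, `verdict`, `RULES` and `FIXED`, the sample source addresses, and scoping the added rule to destination 224.2.2.4 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: a subset of the chain quoted in the thread. Rule 2
# ("ACCEPT all") is left out on the assumption that it is the loopback-only
# rule; this listing format does not show interfaces.
RULES = """\
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:9200:9400
25 ACCEPT tcp -- 172.27.104.0/24 0.0.0.0/0
27 ACCEPT tcp -- 0.0.0.0/0 224.2.2.4
28 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""
# Constructed fix: a UDP accept for the discovery port, placed before the
# final REJECT and limited to the multicast destination already in rule 27.
FIXED = RULES.replace(
    "28 REJECT", "28 ACCEPT udp -- 0.0.0.0/0 224.2.2.4 udp dpt:54328\n29 REJECT")

def parse(listing):
    """Turn 'num target prot opt source destination [match...]' rows into dicts."""
    rules = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        num, target, prot, _opt, src, dst, *extra = line.split()
        extra = " ".join(extra)
        m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        ports = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 65535)
        rules.append({
            "num": int(num), "target": target, "prot": prot,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "ports": ports,
            # A RELATED,ESTABLISHED rule never matches the first packet of a flow.
            "matches_new": "RELATED,ESTABLISHED" not in extra,
        })
    return rules

def verdict(rules, prot, src, dst, dport):
    """First-match result for a NEW packet: (rule number, target)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["matches_new"] and r["prot"] in ("all", prot)
                and src in r["src"] and dst in r["dst"]
                and r["ports"][0] <= dport <= r["ports"][1]):
            return r["num"], r["target"]
    return None, "POLICY"  # chain exhausted; the built-in chain policy applies
```
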