[node-devel] iptables configuration is bad with bonded network, fails to start Fedora 16

Andrew Wells agwells0714 at gmail.com
Sat Mar 24 21:28:19 UTC 2012


When I start with Fedora 16 with vdsm installed, the iptables configuration
is generated but iptables does not start. I am using the stable
ovirt-engine.repo.

[root@node1 ~]# service iptables status
Redirecting to /bin/systemctl  status iptables.service
iptables.service - IPv4 firewall with iptables
          Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
          Active: failed since Sat, 24 Mar 2012 15:36:49 -0400; 1h 40min ago
        Main PID: 895 (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/iptables.service

[root@node1 ~]# cat /etc/sysconfig/iptables
# oVirt default firewall configuration. Automatically generated by vdsm
bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# libvirt tls
-A INPUT -p tcp --dport 16514 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with
icmp-host-prohibited
COMMIT