Are you referring to /etc/sysconfig/iptables ? That's where the engine setup configures iptables, when I provision my nodes I select "Don't configure firewall" and let puppet manage my iptables rules for other reasons.. not sure if that was what you're asking On Tue, Oct 1, 2013 at 11:16 PM, Sven Kieske <S.Kieske@mittwald.de> wrote:
Hi,
we have an test environment with ovirt 3.3 installed on various hardware nodes.
The management node is installed on an centos 6.4 x64 minimal.
The issue we are running into is, that some ovirt component keeps resetting the iptables firewall configuration, denying access to ports 80 and 443, which results in the web interface being not accessible.
We do know that the engine-setup initially configures the firewall, but through which scripts does iptables get configured?
Are there some database entries for this?
If you need any logfiles for this, please let me know.
Currently we have disabled iptables, as it's just an test environment.
We read about some "vdsm bootstrap script" (e.g. BZ 893680), may this be related?
However we didn't find out where this scripts resides.
Also vvyazmin@redhat.com posted in this BZ: "not a bug".
I don't see why you shouldn't be able to ping the hypervisor in the management lan? this is useful for monitoring and network debugging.
ICMP is no danger at all.
Kind regards
Sven Kieske _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users