[node-devel] iptables configuration is bad with bonded network, fails to start Fedora 16

Mike Burns mburns at redhat.com
Sat Mar 24 23:19:26 UTC 2012


This is not ovirt-node from the description, forwarding on to
users at ovirt.org.

Mike

On Sat, 2012-03-24 at 17:28 -0400, Andrew Wells wrote:
> When I start with Fedora 16 with vdsm installed, the iptables
> configuration is generated but iptables does not start. I am using the
> stable ovirt-engine.repo.
> 
> 
>         [root@node1 ~]# service iptables status
>         Redirecting to /bin/systemctl  status iptables.service
>         iptables.service - IPv4 firewall with iptables
>                   Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
>                   Active: failed since Sat, 24 Mar 2012 15:36:49 -0400; 1h 40min ago
>                 Main PID: 895 (code=exited, status=1/FAILURE)
>                   CGroup: name=systemd:/system/iptables.service
> 
>         [root@node1 ~]# cat /etc/sysconfig/iptables
>         # oVirt default firewall configuration. Automatically
>         generated by vdsm bootstrap script.
>         *filter
>         :INPUT ACCEPT [0:0]
>         :FORWARD ACCEPT [0:0]
>         :OUTPUT ACCEPT [0:0]
>         -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>         -A INPUT -p icmp -j ACCEPT
>         -A INPUT -i lo -j ACCEPT
>         # vdsm
>         -A INPUT -p tcp --dport 54321 -j ACCEPT
>         # libvirt tls
>         -A INPUT -p tcp --dport 16514 -j ACCEPT
>         # SSH
>         -A INPUT -p tcp --dport 22 -j ACCEPT
>         # guest consoles
>         -A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
>         # migration
>         -A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
>         # snmp
>         -A INPUT -p udp --dport 161 -j ACCEPT
>         # Reject any other input traffic
>         -A INPUT -j REJECT --reject-with icmp-host-prohibited
>         -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT
>         --reject-with icmp-host-prohibited
>         COMMIT