[Users] [Fwd: [node-devel] iptables configuration is bad with bonded network, fails to start Fedora 16]
Mike Burns
mburns at redhat.com
Sat Mar 24 23:20:01 UTC 2012
Bah, hit send accidentally...wanted to reply, not forward...
On Sat, 2012-03-24 at 18:59 -0400, Mike Burns wrote:
> email message attachment ([node-devel] iptables configuration is bad
> with bonded network, fails to start Fedora 16), "Forwarded message -
> [node-devel] iptables configuration is bad with bonded network, fails
> to start Fedora 16"
> > -------- Forwarded Message --------
> > From: Andrew Wells <agwells0714 at gmail.com>
> > To: node-devel at ovirt.org
> > Subject: [node-devel] iptables configuration is bad with bonded
> > network, fails to start Fedora 16
> > Date: Sat, 24 Mar 2012 17:28:19 -0400
> >
> > When I start with Fedora 16 with vdsm installed, the iptables
> > configuration is generated but iptables does not start. I am using
> > the stable ovirt-engine.repo.
> >
> >
> > [root@node1 ~]# service iptables status
> > Redirecting to /bin/systemctl status iptables.service
> > iptables.service - IPv4 firewall with iptables
> > Loaded: loaded (/lib/systemd/system/iptables.service; enabled)
> > Active: failed since Sat, 24 Mar 2012 15:36:49 -0400; 1h 40min ago
> > Main PID: 895 (code=exited, status=1/FAILURE)
> > CGroup: name=systemd:/system/iptables.service
> >
> > [root@node1 ~]# cat /etc/sysconfig/iptables
> > # oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A INPUT -p icmp -j ACCEPT
> > -A INPUT -i lo -j ACCEPT
> > # vdsm
> > -A INPUT -p tcp --dport 54321 -j ACCEPT
> > # libvirt tls
> > -A INPUT -p tcp --dport 16514 -j ACCEPT
> > # SSH
> > -A INPUT -p tcp --dport 22 -j ACCEPT
> > # guest consoles
> > -A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
> > # migration
> > -A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
> > # snmp
> > -A INPUT -p udp --dport 161 -j ACCEPT
> > # Reject any other input traffic
> > -A INPUT -j REJECT --reject-with icmp-host-prohibited
> > -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
> > COMMIT
> > _______________________________________________
> > node-devel mailing list
> > node-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/node-devel
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users