[Users] [node-devel] iptables configuration is bad with bonded network, fails to start Fedora 16

Andrew Cathrow acathrow at redhat.com
Sun Mar 25 16:30:30 UTC 2012 

https://bugzilla.redhat.com/show_bug.cgi?id=795061

Look at IPTablesConfig in the vdc_options table.


----- Original Message -----
> From: "Mike Burns" <mburns at redhat.com>
> To: "Andrew Wells" <agwells0714 at gmail.com>
> Cc: "users" <users at ovirt.org>, node-devel at ovirt.org
> Sent: Saturday, March 24, 2012 7:19:26 PM
> Subject: Re: [Users] [node-devel] iptables configuration is bad with bonded network, fails to start Fedora 16
> 
> This is not ovirt-node from the description, forwarding on to
> users at ovirt.org.
> 
> Mike
> 
> On Sat, 2012-03-24 at 17:28 -0400, Andrew Wells wrote:
> > when I start with fedora 16 with vdsm installed, the iptables
> > configuration is generated but iptables does not start. I am using
> > the
> > stable ovirt-engine.repo
> > 
> > 
> >         [root at node1 ~]# service iptables status
> >         Redirecting to /bin/systemctl  status iptables.service
> >                 iptables.service - IPv4 firewall with iptables
> >                           Loaded: loaded
> >                 (/lib/systemd/system/iptables.service; enabled)
> >                           Active: failed since Sat, 24 Mar 2012
> >                 15:36:49 -0400; 1h 40min ago
> >                         Main PID: 895 (code=exited,
> >                         status=1/FAILURE)
> >                           CGroup:
> >                 name=systemd:/system/iptables.service
> > 
> > 
> > 
> > 
> > 
> > 
> >         [root at node1 ~]# cat /etc/sysconfig/iptables
> >         # oVirt default firewall configuration. Automatically
> >         generated by vdsm bootstrap script.
> >         *filter
> >         :INPUT ACCEPT [0:0]
> >         :FORWARD ACCEPT [0:0]
> >         :OUTPUT ACCEPT [0:0]
> >         -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >         -A INPUT -p icmp -j ACCEPT
> >         -A INPUT -i lo -j ACCEPT
> >         # vdsm
> >         -A INPUT -p tcp --dport 54321 -j ACCEPT
> >         # libvirt tls
> >         -A INPUT -p tcp --dport 16514 -j ACCEPT
> >         # SSH
> >         -A INPUT -p tcp --dport 22 -j ACCEPT
> >         # guest consoles
> >         -A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
> >         # migration
> >         -A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
> >         # snmp
> >         -A INPUT -p udp --dport 161 -j ACCEPT
> >         # Reject any other input traffic
> >         -A INPUT -j REJECT --reject-with icmp-host-prohibited
> >         -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT
> >         --reject-with icmp-host-prohibited
> >         COMMIT
> > _______________________________________________
> > node-devel mailing list
> > node-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/node-devel
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list