
[Xen-users] locked myself out with iptables


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Heiko <rupertt@xxxxxxxxx>
  • Date: Wed, 6 Aug 2008 15:34:06 +0200
  • Delivery-date: Wed, 06 Aug 2008 06:34:43 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hello,

I created a failover cluster with 2 servers where 1 VM is replicated
through DRBD and Heartbeat.
It all worked well for some days, and I could reboot the first server and
the second did take over the VM.
Today I started creating some iptables rules on server 1; after
that one VM (not replicated, runs nagios) lost connections to some
servers, but not all! I can ping the VM that is replicated but not the host
where it lives (Server1).
So I deleted my iptables rules and rebooted the machine; after some
time I had the VM on both servers.
Another reboot got me the VM back on server1, but I couldn't access
it: a login did not proceed and hung after entering the password.
A third reboot did solve the problem with the VM; I can now access it with
SSH and the site.

Back to my problem:

I still can't monitor 1 VM and the 2 hosts where DRBD is running: no
ping and no other connections.
What can be the reason for this? I removed /etc/sysconfig/iptables
on server1, so only the rules that xen creates are active:

 iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


All the machines are in a VLAN, which I use for monitoring;
even if I stop the firewall on all machines I can't ping the other machines.

Does someone have an idea what's wrong here?


Thanks

Rupertt
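A check worth running on a ruleset like the one posted above, added here as an example and not part of the original message or of Xen's own scripts: in the posted FORWARD chain the third rule (ACCEPT all, anywhere to anywhere, no further match) matches every forwarded packet, so the two REJECT rules and the two PHYSDEV rules after it can never fire. The script below reads text in the format of `iptables -L` and lists every rule that sits behind such a catch-all terminating rule. The sample chain is the posted one with its wrapped lines joined; the function name and the column assumptions (target, prot, opt, source, destination, optional match text; `reject-with ...` treated as a target option rather than a match) are mine.

```sh
#!/bin/sh
# Added example: report rules in an iptables chain that can never match because
# an earlier rule in the same chain already matches every packet unconditionally.
# Input format assumed: the plain `iptables -L` (or `iptables -L -n`) listing,
# one rule per line, columns: target prot opt source destination [match ...].

# Constructed sample: the FORWARD chain from the post, wrapped lines joined.
SAMPLE_CHAIN='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0'

# A chain with no catch-all rule, for comparison (constructed).
CLEAN_CHAIN='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  192.168.122.0/24     anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable'

# shadowed_rules CHAIN_TEXT
# Prints "POSITION TARGET" for every rule that follows an unconditional
# terminating rule (ACCEPT, DROP or REJECT with protocol "all", any source,
# any destination and no extra match). Position is 1-based within the chain.
# Exit status 0 if at least one shadowed rule was found, 1 otherwise.
shadowed_rules() {
    printf '%s\n' "$1" | awk '
        /^Chain /  { next }   # chain header
        /^target / { next }   # column header
        NF == 0    { next }   # blank line
        {
            n++
            if (dead) { print n, $1; found = 1; next }
            # Anything after the five fixed columns is match text, except the
            # REJECT target option "reject-with ...", which restricts nothing.
            has_match = (NF > 5 && $6 != "reject-with")
            anysrc = ($4 == "anywhere" || $4 == "0.0.0.0/0")
            anydst = ($5 == "anywhere" || $5 == "0.0.0.0/0")
            terminating = ($1 == "ACCEPT" || $1 == "DROP" || $1 == "REJECT")
            if (terminating && $2 == "all" && anysrc && anydst && !has_match)
                dead = 1   # every later rule in this chain is unreachable
        }
        END { exit found ? 0 : 1 }'
}

# Stand-alone usage: list the dead rules in the posted chain.
shadowed_rules "$SAMPLE_CHAIN"
```

Run on the posted chain it reports positions 4 to 7 (the two REJECT rules and both `--physdev-in` rules) as unreachable. Note also that plain `iptables -L` does not show interface matches (`-i`/`-o`), so a rule listed as "all anywhere anywhere" may still be restricted by interface; check with `iptables -L -v -n` or `iptables-save` before concluding a rule is truly unconditional.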

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users