Re: [Condor-users] SuSEFirewall2

Thanks for the reply.

> Have you remembered to open the firewalls between all submit nodes and all execute
> nodes across the 2 pools? It isn't sufficient just to open the firewall between
> the 2 central nodes.

Flocking from my other submit nodes (including non Linux) is fine as they
are not running Suse Firewall. Therefore I know the other pools are OK and
my pool is fine in other respects.

> Other potential problems:
> * FLOCK_TO and FLOCK_FROM both set up on both machines if bidirectional
>   flocking required.
> * HOST* (READ/WRITE/etc) might be blocking the hosts

All this is fine as the config is simply cloned from other nodes where it
has been working for a long time. As soon as I turn the firewall off all
is 100% OK so I believe it is Suse Firewall and nothing else.

> Finally (it might be this actually having read your post again)
> * As well as high ports being open (and appropriate classAd set for this),
>   you also need the 9614 and 9618 fixed ports opening, again probably for
>   tcp AND udp on both machines.

The problem is Suse Firewall has its own macro language in the script
/etc/sysconfig/SuSEFirewall2 which generates yards of iptables commands,
which I in turn find hard to read. When we generated our own simple
iptables firewall (not a very strong one I think) by hand we were fine. I
was able to insert lines and understood (to an extent) what I was doing.
Now I am overwhelmed by the very complex rules generated by the script.

It is specifically how to make the Suse Firewall2 script work that I am
after as I know what I want to do but cannot get it to work with this. As
I said I did try inserting iptables rules but somewhere I have something
wrong :-(

I am sure someone must have done it!