Re: [Condor-users] SuSEFirewall2
- Date: Tue, 9 Jan 2007 14:53:42 +0000 (GMT)
- From: Jenny Barna <jcjb@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Condor-users] SuSEFirewall2
Thanks for reply.
> Have you remembered to open the firewalls between all submit nodes and all execute
> nodes across the 2 pools? It isn't sufficient just to open the firewall between
> the 2 central nodes.
Flocking from my other submit nodes (including non Linux) is fine as they
are not running Suse Firewall. Therefore I know the other pools are OK and
my pool is fine in other respects.
> Other potential problems:
> * FLOCK_TO and FLOCK_FROM both set up on both machines if bidirectional
> flocking required.
> * HOST* (READ/WRITE/etc) might be blocking the hosts
All this is fine as the config is simply cloned from other nodes where it
has been working for a long time. As soon as I turn the firewall off all
is 100% Ok so I believe it is Suse Firewall and nothing else.
> Finally (it might be this actually having read your post again)
> * As well as high ports being open (and appropriate classAd set for this),
> you also need the 9614 and 9618 fixed ports opening, again probably for
> tcp AND udp on both machines.
The problem is Suse Firewall has its own macro language in the script
/etc/sysconfig/SuSEFirewall2 which generates yards of iptables commands,
which I in turn find hard to read. When we generated our own simple
iptables firewall (not a very strong one I think) by hand we were fine. I
was able to insert lines and understood (to an extent) what I was doing.
Now I am overwhelmed by the very complex rules generated by the script.
It is specifically how to make the Suse Firewall2 script work that I am
after as I know what I want to do but cannot get it to work with this. As
I said I did try inserting iptables rules but somewhere I have something
I am sure someone must have done it!
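
Added example, not part of the original message: a check that the fixed ports named in the quoted reply (9614 and 9618, TCP and UDP) are covered by the FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP lists in /etc/sysconfig/SuSEFirewall2, so the generated iptables rules need not be read. It assumes the interface is in the external zone; the sample config and its 9600:9700 high-port range are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of the relevant /etc/sysconfig/SuSEFirewall2 lines.
# 9600:9700 stands in for whatever high-port range the pool is set to use.
sample_config() {
cat <<'EOF'
FW_SERVICES_EXT_TCP="ssh 9614 9618 9600:9700"
FW_SERVICES_EXT_UDP="9618"
EOF
}

# Print the quoted value of variable $1 from the config text on stdin.
fw_value() {
    sed -n 's/^'"$1"'="\(.*\)"[[:space:]]*$/\1/p' | tail -n 1
}

# Return 0 if port $2 is covered by list $1, whose entries are single
# ports, lo:hi ranges or service names (names are skipped, not resolved).
port_covered() {
    for entry in $1; do
        case $entry in
            *[!0-9:]*) continue ;;
            *:*) lo=${entry%%:*}; hi=${entry##*:} ;;
            *)   lo=$entry; hi=$entry ;;
        esac
        [ -n "$lo" ] && [ -n "$hi" ] || continue
        [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] && return 0
    done
    return 1
}

# Print one PROTO/port line for each fixed port the config ($1) leaves closed.
missing_condor_ports() {
    for proto in TCP UDP; do
        list=$(printf '%s\n' "$1" | fw_value "FW_SERVICES_EXT_$proto")
        for port in 9614 9618; do
            port_covered "$list" "$port" || echo "$proto/$port"
        done
    done
}

missing_condor_ports "$(sample_config)"
```

On a real host, pass the file contents instead: `missing_condor_ports "$(cat /etc/sysconfig/SuSEFirewall2)"`.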