[DRBD-user] Conflict between drbd and iptables

Gary W. Smith gary at primeexalia.com
Wed Aug 2 21:23:29 CEST 2006



Also, if you do find the problem please let us know so we can ensure
that people that have this problem in the future get the same benefit.

Gary Wayne Smith

> -----Original Message-----
> From: drbd-user-bounces at lists.linbit.com [mailto:drbd-user-
> bounces at lists.linbit.com] On Behalf Of Gary W. Smith
> Sent: Wednesday, August 02, 2006 7:43 AM
> To: CHARTON Yannick; drbd-user at linbit.com
> Subject: RE: [DRBD-user] Conflict between drbd and iptables
> 
> Simplify your life and find out what IPTables thinks is the problem.
> After all, it's the one blocking the packets.  Just log before the drop.
> 
> -A RH-Firewall-1-INPUT -j LOG --log-prefix "FIREWALL: " --log-level 6
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> 
> Then watch which DRBD packets are failing by doing a simple tail -n -f
> /var/log/messages.
> 
> Or
> 
> Spend a week guessing ;)
> 
> Gary Wayne Smith
> 
> -----Original Message-----
> From: drbd-user-bounces at lists.linbit.com
> [mailto:drbd-user-bounces at lists.linbit.com] On Behalf Of CHARTON Yannick
> Sent: Wednesday, August 02, 2006 1:27 AM
> To: drbd-user at linbit.com
> Subject: [DRBD-user] Conflict between drbd and iptables
> 
> Hi,
> 
> I'm using drbd 0.7.17 to synchronise two nodes (running on Red Hat
> Enterprise Linux 4) with a dedicated gigabyte link between the two
> nodes.
> All drbd.conf parameters are set to very common values.
> 
> My problem seems to be a conflict between drbd and the iptables firewall:
> 
> My iptables configuration on the two nodes includes the line:
> -A RH-Firewall-1-INPUT -s NODE_IP_ADDRESS -p tcp --dport 7789 -j ACCEPT
> 
> When I start the two nodes, there is no problem. However, when I
> restart the firewall on the secondary node, I receive a flow of
> messages:
> kernel: drbd0: [kjournald/2927] sock_sendmsg time expired, ko =
> 4294967295
> kernel: drbd0: [kjournald/2927] sock_sendmsg time expired, ko =
> 4294967294
> ...
> And the web services (apache) are unavailable.
> 
> I tested without iptables, then with iptables on the primary node (and
> tried to start and restart iptables service). No problem. But when I
> tried to start iptables on the second node, I received the message flow
> on the first node (and nothing in the log of the second node). I have
> to stop the drbd service on the secondary, then to restart the service,
> and all the systems function right again.
> 
> I will try to reproduce the problem with a test architecture (I don't
> have full-time access to the servers, and I preferred to stop the iptables
> service while I work on a solution). Unfortunately, I have no logs
> about packets which are dropped by iptables, but I will add it on my
> test architecture.
> 
> However, if you have an idea, if you already met this problem, or
> simply if you can help me, your help will be very precious !
> 
> Thank you very much !
> 
> Yannick CHARTON
> 
> 
> _______________________________________________
> drbd-user mailing list
> drbd-user at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/drbd-user
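The advice in the quoted reply is to put a LOG rule in front of the REJECT and then read /var/log/messages to see which DRBD packets the firewall is refusing. The script below is an added example (not code from the thread or from the DRBD project) that does the reading part: it parses the kernel's iptables LOG lines, keeps only TCP packets involving DRBD's port 7789, tells apart new connections (bare SYN) from packets of an already running connection, and notes for each flow whether a rule of the form `-p tcp --dport 7789 -j ACCEPT` (the one quoted in the original question) can match it at all. The sample log lines, host names, addresses, MACs and ephemeral port are constructed for the example; the log format itself is the one the LOG target produces with `--log-prefix "FIREWALL: "`.

```python
import re
from collections import Counter

DRBD_PORT = 7789           # port opened by the ACCEPT rule quoted in the thread
LOG_PREFIX = "FIREWALL: "  # --log-prefix used by the LOG rule in the quoted reply

# Constructed sample lines in the format the iptables LOG target writes to
# /var/log/messages. Hosts, addresses, MACs and ports are invented for this
# example: node1 (10.0.0.1) is the primary, node2 (10.0.0.2) the secondary.
SAMPLE_LOG = """\
Aug  2 07:43:01 node1 kernel: FIREWALL: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.2 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=7789 DPT=33421 WINDOW=5840 RES=0x00 ACK URGP=0
Aug  2 07:43:01 node1 kernel: FIREWALL: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.2 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=7789 DPT=33421 WINDOW=5840 RES=0x00 ACK URGP=0
Aug  2 07:43:02 node1 kernel: FIREWALL: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.50 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  2 07:43:02 node1 kernel: FIREWALL: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.2 DST=10.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug  2 07:43:03 node1 kernel: drbd0: [kjournald/2927] sock_sendmsg time expired, ko = 4294967295
"""


def parse_log_line(line, prefix=LOG_PREFIX):
    """Return a dict of KEY=value fields plus a FLAGS set for one iptables LOG
    line, or None when the line is not a LOG record carrying our prefix."""
    marker = "kernel: " + prefix
    idx = line.find(marker)
    if idx < 0:
        return None
    fields, flags = {}, set()
    for tok in line[idx + len(marker):].split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields.setdefault(key, value)   # ICMP lines repeat ID=; keep the IP header's
        else:
            flags.add(tok)                   # DF, SYN, ACK, ... appear as bare words
    fields["FLAGS"] = flags
    fields["TIMESTAMP"] = line[:15]          # syslog "Mon DD HH:MM:SS"
    return fields


def classify_drbd_packet(rec):
    """Describe a logged packet if it belongs to DRBD's TCP port, else None."""
    if rec is None or rec.get("PROTO") != "TCP":
        return None
    spt, dpt = int(rec.get("SPT", 0)), int(rec.get("DPT", 0))
    if DRBD_PORT not in (spt, dpt):
        return None
    # A bare SYN is a connection attempt; anything else is part of a running stream.
    new_conn = "SYN" in rec["FLAGS"] and "ACK" not in rec["FLAGS"]
    # Only packets whose destination port is 7789 can match "--dport 7789";
    # packets coming back from the listening side carry 7789 as source port.
    to_listener = dpt == DRBD_PORT
    return {
        "src": rec["SRC"], "dst": rec["DST"], "spt": spt, "dpt": dpt,
        "stage": "new-connection" if new_conn else "mid-stream",
        "direction": "to-listener" if to_listener else "from-listener",
        "matches_dport_rule": to_listener,
    }


def summarize_rejected_drbd(log_text):
    """Count logged DRBD packets per (src, dst, spt, dpt, stage, direction)."""
    counts = Counter()
    for line in log_text.splitlines():
        info = classify_drbd_packet(parse_log_line(line))
        if info:
            counts[(info["src"], info["dst"], info["spt"], info["dpt"],
                    info["stage"], info["direction"])] += 1
    return counts


def explain(counts):
    """Turn the counts into one-line hints about which kind of rule is missing."""
    out = []
    for (src, dst, spt, dpt, stage, direction), n in sorted(counts.items()):
        if direction == "to-listener":
            hint = "can match a '--dport %d' ACCEPT rule; check its -s address" % DRBD_PORT
        else:
            hint = ("cannot match a '--dport %d' rule; %s packets from the listener "
                    "side need an ESTABLISHED,RELATED state rule (or '--sport %d')"
                    % (DRBD_PORT, stage, DRBD_PORT))
        out.append("%d x %s:%d -> %s:%d (%s): %s" % (n, src, spt, dst, dpt, stage, hint))
    return out


if __name__ == "__main__":
    for hint in explain(summarize_rejected_drbd(SAMPLE_LOG)):
        print(hint)
```

Run it against a real /var/log/messages by replacing SAMPLE_LOG with the file's contents; the ssh, ICMP and drbd0 lines in the sample show that unrelated LOG records and non-firewall kernel messages are ignored, and the two mid-stream packets from the listening side are the kind of flow a bare `--dport 7789` rule can never accept.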