[DRBD-user] Restarting IPtables caused split-brain and OCFS2 corruption?

Andreas Hofmeister andi at collax.com
Tue May 17 21:12:33 CEST 2011


On 17.05.2011 18:19, Herman wrote:
>
> I made a change to IPTables, and did a "service iptables restart", and 
> next thing I knew, I had a split brain.

I would guess that the RHEL FW setup flushes the connection tracking 
tables and has a default drop (or reject) rule.

This would cause DRBD's TCP connections to time out eventually. Also, 
neither OCFS nor DLM react kindly when their communication link goes down.

Try to keep the FW setup from unloading the "nf_conntrack" module or 
otherwise fiddle with connection tracking. This should prevent any harm 
in the FW restart case.

In addition, if you expect any prolonged FW downtime to happen (for 
example: FW stop, explain situation to your boss, FW start), you may 
also like the usual "stateful accept" rule

  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

to be present during the FW downtime.
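
A pre-restart check for the two conditions the reply above points at, as an added example that is not part of the original message: it reads a ruleset in iptables-save format and the RHEL init-script configuration. The function names and sample data are constructed for illustration, and IPTABLES_MODULES_UNLOAD in /etc/sysconfig/iptables-config is the RHEL init script's setting, not something named in the post.

```bash
#!/usr/bin/env bash
# Added example: audit a saved ruleset and the init-script config before
# running "service iptables restart" on a DRBD/OCFS2 node.

# Constructed sample in iptables-save format (not from the original post).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample of /etc/sysconfig/iptables-config content.
SAMPLE_CONFIG='IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"'

# Reads iptables-save text on stdin and prints one word:
#   ok      - the stateful accept precedes every DROP/REJECT rule in INPUT
#   late    - the rule exists, but an earlier DROP/REJECT may shadow it
#             (conservative: any earlier DROP/REJECT counts)
#   missing - INPUT has no RELATED,ESTABLISHED accept rule at all
check_stateful_accept() {
  awk '
    /^-A INPUT / {
      if ($0 ~ /ESTABLISHED/ && $0 ~ /-j ACCEPT/) {
        print (blocked ? "late" : "ok"); found = 1; exit
      }
      if ($0 ~ /-j (DROP|REJECT)/) blocked = 1
    }
    END { if (!found) print "missing" }
  '
}

# Reads iptables-config text on stdin; exit status 0 means the init script
# will unload netfilter modules on restart, discarding conntrack state.
modules_unload_enabled() {
  grep -Eq '^[[:space:]]*IPTABLES_MODULES_UNLOAD="?yes"?'
}

# Demo on the constructed samples.
echo "stateful accept: $(printf '%s\n' "$SAMPLE_RULES" | check_stateful_accept)"
if printf '%s\n' "$SAMPLE_CONFIG" | modules_unload_enabled; then
  echo "init script unloads modules on restart"
fi
```

On a live node the same functions can be fed from "iptables-save" and from the real config file instead of the samples.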

