[DRBD-user] Conflict between drbd and iptables

[Carson Gaspar]

If iptables maintains TCP connection state, it could easily block 
_existing_ TCP connections on restart. I have no idea whether this is your 
problem or not, but it fits the symptoms.

--On Wednesday, August 02, 2006 5:44 PM +0200 CHARTON Yannick 
<yannick.charton at utt.fr> wrote:

> Thanks for all your answers, I will test your solutions. However, what I
> find very strange is the fact that the phenomenon appears only if I
> restart iptables while drbd is running, and it doesn't appear if I start
> iptables and after that the drbd service.
>
> For Lars Ellenberg : no OUTPUT rules but SE-linux activated, something
> wrong with that ?
> btw, I have already subscripted, I just forgot to the list-reply function.
>
> Lars Ellenberg <Lars.Ellenberg at linbit.com> a écrit :
>
>> / 2006-08-02 15:26:23 +0200
>> \ CHARTON Yannick:
>>> Okay, I know, I'm a bit paranoiac about system security.
>>> I know that something like "-A RH-Firewall-1-INPUT -i ethX -j ACCEPT"
>>> in the iptables configuration file will work (normally, I will check).
>>> However, as I don't know why the iptables service breaks the
>>> replication just after restarting, whereas iptables seems to be right
>>> configured, I'm trying to find an explanation.
>>
>> OUTPUT rules?
>> SE-linux or similar?
>>
>> btw, you need to subscribe to be able to post here directly.
>>
>> --
>> : Lars Ellenberg                                  Tel +43-1-8178292-0  :
>> : LINBIT Information Technologies GmbH            Fax +43-1-8178292-82 :
>> : Schoenbrunner Str. 244, A-1120 Vienna/Europe   http://www.linbit.com :
>> __
>> please use the "List-Reply" function of your email client.
>> _______________________________________________
>> drbd-user mailing list
>> drbd-user at lists.linbit.com
>> http://lists.linbit.com/mailman/listinfo/drbd-user
>>
>
>
>
>
> _______________________________________________
> drbd-user mailing list
> drbd-user at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/drbd-user