Doing some testing with RHEL6 Beta2+, and I turned on debugging to verify my iptables was working with RHCS. And I noticed that there are some packets sent between each node periodically that are going to destination port=0.

Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:1b:78:ba:80:14:08:00 SRC=10.240.48.180 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19018 DF PROTO=TCP SPT=49555 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:17:a4:47:99:57:08:00 SRC=10.240.48.179 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32053 DF PROTO=TCP SPT=22430 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0

Does port 0 need to be opened? This is nowhere in the docs; I used all the normal ports suggested. Here is what I am testing with having open:

#-A INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
#-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
#-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
### cman - 5404,5405 udp
-A INPUT -m state --state NEW -m udp -p udp --dport 5404 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5405 -j ACCEPT
### ricci - 11111 tcp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11111 -j ACCEPT
### dlm - 21064 tcp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21064 -j ACCEPT
### ccsd - 50006,50008,50009 tcp and 50007 udp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50006 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50008 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50009 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 50007 -j ACCEPT
### multicast heartbeat (may be different for each cluster)
-A INPUT -s 239.192.0.0/16 -m addrtype --src-type MULTICAST -j ACCEPT
-A INPUT -s 224.0.0.0/8 -m addrtype --src-type MULTICAST -j ACCEPT

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
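An added example, not part of the original post: a small triage script that parses netfilter LOG lines like the two above and checks each dropped packet's protocol and destination port against the active `--dport ... -j ACCEPT` rules. The log lines and rules are copied from the post as sample input (a subset of the rules); the function names are hypothetical.

```python
import re

# Sample input taken from the post: both log lines and a subset of the rules.
LOG = """\
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:1b:78:ba:80:14:08:00 SRC=10.240.48.180 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19018 DF PROTO=TCP SPT=49555 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:17:a4:47:99:57:08:00 SRC=10.240.48.179 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32053 DF PROTO=TCP SPT=22430 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
"""
RULES = """\
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5404 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5405 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21064 -j ACCEPT
"""
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_log_line(line):
    """Split one netfilter LOG line into KEY=value fields plus bare TCP flag tokens."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    fields["FLAGS"] = sorted(TCP_FLAGS.intersection(line.split()))
    return fields

def accepted_ports(rules):
    """Collect (proto, dport) pairs from active '-A INPUT ... -j ACCEPT' rules."""
    ports = set()
    for rule in rules.splitlines():
        rule = rule.strip()
        if not rule.startswith("-A INPUT") or "-j ACCEPT" not in rule:
            continue  # skips commented-out (#-A) rules, comments and blank lines
        proto = re.search(r"-p (\w+)", rule)
        dport = re.search(r"--dport (\d+)", rule)
        if proto and dport:
            ports.add((proto.group(1), int(dport.group(1))))
    return ports

def explain_drops(log, rules):
    """For each logged drop, report source, proto/port, flags and rule coverage."""
    allowed = accepted_ports(rules)
    report = []
    for line in filter(None, map(str.strip, log.splitlines())):
        f = parse_log_line(line)
        key = (f["PROTO"].lower(), int(f["DPT"]))
        report.append({"src": f["SRC"], "proto": key[0], "dpt": key[1],
                       "flags": f["FLAGS"], "covered": key in allowed})
    return report

if __name__ == "__main__":
    for row in explain_drops(LOG, RULES):
        print(row)
```
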