David, How foolish it is ! thank you very much ! it's worked now ! ? 2013?04?10? 20:31, David Coulson ??: > > On 4/10/13 8:28 AM, Jian Lee wrote: >> >> # cat /etc/sysconfig/iptables >> # Generated by iptables-save v1.4.7 on Thu Apr 11 00:09:23 2013 >> *filter >> :INPUT ACCEPT [0:0] >> :FORWARD ACCEPT [0:0] >> :OUTPUT ACCEPT [21:1996] >> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT >> -A INPUT -p icmp -j ACCEPT >> -A INPUT -i lo -j ACCEPT >> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT >> -A INPUT -j REJECT --reject-with icmp-host-prohibited > Start by removing the line above. That makes all of your gluster rules > below useless. >> -A INPUT -p tcp -m state --state NEW -m tcp --dport 24007:24047 -j ACCEPT >> -A INPUT -p tcp -m state --state NEW -m tcp --dport 1000:1100 -j ACCEPT >> -A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT >> -A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT >> -A INPUT -p tcp -m state --state NEW -m tcp --dport 38465:38485 -j ACCEPT >> -A FORWARD -j REJECT --reject-with icmp-host-prohibited >> COMMIT >> # Completed on Thu Apr 11 00:09:23 2013 >> -- Jian Lee ( http://www.ylinux.org/ren/2 )
