On 01/12/2006 16:47, Owens, Ron wrote:
> There's no firewall between the director and the cluster nodes. They
> work with http and squid with no modification.

Right, but is there a firewall ruleset on the director, or in front of
it somewhere? An ICMP Host Unreachable error is being generated
somewhere, and as it's one of the most common targets for iptables (-j
REJECT) it makes me think the obvious.

> The RIP of the director is 140.203.7.81
> The IP of the mail server is 140.203.7.16
> I can't reach either of them, via ICMP, IP or TCP.
> I tried adding:
> iptables -A INPUT -i eth0 -p tcp ! --syn -s 140.203.7.81 --sport 25 -d 140.203.7.16 --dport 1024:65535 -j ACCEPT
> but this didn't help ....

Umm... I don't think it will. If I read that correctly you're ACCEPTING
packets coming in on eth0 which are TCP and aren't SYNs, from
140.203.7.81 where the source port is 25 and the dest ports are
unprivileged. I'd expect to only see that end of a connection on a
remote client...

Anyway, please provide:
1. Output from "ipvsadm -L -n" on the director
2. Output from "iptables -L -n" on the director
3. Output from "iptables -L -n" on the realserver(s)
Graeme
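
Added example (not part of the original message): a small Python model of the iptables rule quoted in the thread, evaluated against a constructed TCP handshake in both directions, to show which segments the rule can match. The ephemeral port 40000, the helper names and the client/server role assignments are assumptions; `-i eth0` and `-p tcp` are taken as already satisfied.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Packet:
    """Constructed TCP segment holding only the fields the rule inspects."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True only for what iptables --syn matches (SYN set, ACK/RST/FIN clear)


# Model of the rule from the thread:
#   iptables -A INPUT -i eth0 -p tcp ! --syn -s 140.203.7.81 --sport 25
#            -d 140.203.7.16 --dport 1024:65535 -j ACCEPT
RULE = {"src": "140.203.7.81", "sport": (25, 25),
        "dst": "140.203.7.16", "dport": (1024, 65535), "syn": False}


def rule_accepts(pkt, rule=RULE):
    """Return True only if the packet satisfies every match in the rule."""
    return (ip_address(pkt.src) == ip_address(rule["src"])
            and ip_address(pkt.dst) == ip_address(rule["dst"])
            and rule["sport"][0] <= pkt.sport <= rule["sport"][1]
            and rule["dport"][0] <= pkt.dport <= rule["dport"][1]
            and pkt.syn == rule["syn"])  # "! --syn" means: not an initial SYN


def smtp_handshake(client, server, eph=40000):
    """Constructed three-way handshake of `client` connecting to `server`:25."""
    return [
        ("SYN client->server", Packet(client, eph, server, 25, True)),
        ("SYN/ACK server->client", Packet(server, 25, client, eph, False)),
        ("ACK client->server", Packet(client, eph, server, 25, False)),
    ]


def matched(client, server):
    """Labels of the handshake segments the rule would ACCEPT."""
    return [label for label, p in smtp_handshake(client, server) if rule_accepts(p)]


if __name__ == "__main__":
    # Assumed roles: 140.203.7.81 connects to SMTP on 140.203.7.16.
    print("81 -> 16:25 :", matched("140.203.7.81", "140.203.7.16"))
    # Reverse roles: 140.203.7.16 is the client of an SMTP service on .81.
    print("16 -> 81:25 :", matched("140.203.7.16", "140.203.7.81"))
```
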