There are no such rules by default on a etch installation where the
firewall drop any packets.
lb1:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
And a more complete output from tcpdump looks like:
lb1:~# tcpdump -v multicast -i eth4
tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
10:49:28.688219 IP (tos 0x0, ttl 255, id 63122, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:28.861308 802.1d unknown version
10:49:29.124654 IP (tos 0x0, ttl 255, id 16275, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:29.427029 arp who-has 192.168.10.25 tell 192.168.10.117
10:49:29.436897 arp who-has 192.168.10.104 tell 192.168.10.117
10:49:29.537842 00:1b:3f:9b:7b:80 (oui Unknown) > 01:80:c2:00:00:0e
(oui Unknown), ethertype Unknown (0x88cc), length 109:
0x0000: 0207 0400 1b3f 9b7b 8004 0307 3136 0602 .....?.{....16..
0x0010: 0078 0808 506f 7274 2023 3136 0a0f 5052 .x..Port.#16..PR
0x0020: 4f43 5552 5645 204a 3930 3238 420c 1a50 OCURVE.J9028B..P
0x0030: 524f 4355 5256 4520 4a39 3032 3842 202d ROCURVE.J9028B.-
0x0040: 2050 422e 3032 2e30 370e 0400 0400 0410 .PB.02.07.......
0x0050: 0c05 ..
10:49:29.692135 IP (tos 0x0, ttl 255, id 63378, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:30.128667 IP (tos 0x0, ttl 255, id 16531, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:30.436831 arp who-has 192.168.10.104 tell 192.168.10.117
10:49:30.696136 IP (tos 0x0, ttl 255, id 63634, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:30.861364 802.1d unknown version
10:49:31.132680 IP (tos 0x0, ttl 255, id 16787, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:31.436857 arp who-has 192.168.10.104 tell 192.168.10.117
10:49:31.700155 IP (tos 0x0, ttl 255, id 63890, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:32.136692 IP (tos 0x0, ttl 255, id 17043, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:32.704178 IP (tos 0x0, ttl 255, id 64146, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:32.861414 802.1d unknown version
10:49:33.140704 IP (tos 0x0, ttl 255, id 17299, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:33.476954 arp who-has 192.168.10.25 tell 192.168.10.117
10:49:33.708187 IP (tos 0x0, ttl 255, id 64402, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:34.144718 IP (tos 0x0, ttl 255, id 17555, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:34.476990 arp who-has 192.168.10.25 tell 192.168.10.117
10:49:34.712211 IP (tos 0x0, ttl 255, id 64658, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:34.861429 802.1d unknown version
10:49:35.148730 IP (tos 0x0, ttl 255, id 17811, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:35.477024 arp who-has 192.168.10.25 tell 192.168.10.117
10:49:35.487052 arp who-has 192.168.10.104 tell 192.168.10.117
10:49:35.716336 IP (tos 0x0, ttl 255, id 64914, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.242 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 242, prio 100, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
10:49:36.152743 IP (tos 0x0, ttl 255, id 18067, offset 0, flags
[none], proto: VRRP (112), length: 40) 192.168.10.241 >
VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 241, prio 200, authtype
simple, intvl 1s, length 20, addrs: 192.168.10.240 auth "Password"
29 packets captured
29 packets received by filter
0 packets dropped by kernel
/B
2009/1/9 Graeme Fowler <graeme@xxxxxxxxxxx>:
> On Fri, 2009-01-09 at 00:25 +0100, Bachman Kharazmi wrote:
>> There are synchronization problems.
>
> Check that your default iptables rules are permitting inbound traffic
> destined to 224.0.0.18. It's very likely that they are not.
>
> Graeme
>
>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|