[PVE-User] cluster firewall

Frans Schneider f at bizvoip.co.za
Mon Oct 6 22:13:44 CEST 2014


Hi

It's my very first email to this list so I hope you can help me.

We have a prox cluster with 2 nodes. These nodes both have a public IP as
well as a LAN IP, which are on different NICs on the server. The public NICs
connect to a router and the LAN NICs are connected directly with a crossed
LAN cable for simplicity.

We have these rules in our firewall on node 2 while node 1 still has no
firewall:
(Some are just testing)


-A INPUT -m state --state NEW -m multiport -p tcp --dport 22 -s 10.10.10.0/8 -d 10.10.10.123 -j ACCEPT

#test
-A INPUT -m addrtype --dst-type MULTICAST -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dport 8006 -j ACCEPT

-A INPUT -m pkttype --pkt-type multicast --protocol igmp -j ACCEPT
-A INPUT -s 0.0.0.0 -m pkttype --pkt-type multicast --protocol igmp -j ACCEPT

We managed to get everything up and running and can even see both nodes and
migrate one CT from node1 to node2, but the problem is this. Once the CT is
migrated from node1 to node 2 then when you click on it to start we get
error 595.

Any idea why this is happening? Thanks for any help.


Regards,

Frans <http://BizVoIP.co.za>