Charly Roch asked:
I have 2 centos7 servers, I want to create a glusterfs shared volume on both, to do so I need the port 24007 opened on both.
I am testing with nc for the moment. Here server2 is listening to port 24007
[email protected] ~ # nc -l 24007 [email protected] ~ # netstat -na | grep 24007 tcp 0 0 0.0.0.0:24007 0.0.0.0:* LISTEN
On both server firewalld is disabled :
[email protected] ~ # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) [email protected] ~ # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: inactive (dead) since Tue 2021-06-08 14:55:42 CEST; 23h ago
With server1 I am trying to connect to port 22 (for testing, it works) then 24007 (it doesn’t):
[email protected] ~ # nc -zv swarm-node2 22 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connected to @ipsrv2:22. Ncat: 0 bytes sent, 0 bytes received in 0.24 seconds. [email protected] ~ # nc -zv swarm-node2 24007 Ncat: Version 7.50 ( https://nmap.org/ncat ) Ncat: Connection timed out.
I am running a tcpdump on server2 so we can see packets arriving from srv1
[email protected] ~ # tcpdump -i eth0 -nn port 24007 listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 14:41:20.223909 IP @ipsrv1.54398 > @ipsrv2.24007: Flags [S], seq 2092224680, win 29200, options [mss 1460,sackOK,TS val 85574120 ecr 0,nop,wscale 7], length 0 ... 3 packets captured 3 packets received by filter
It says received by filter, I am not sure what is filter at this step (firewalld is off) so it might be iptables ?
I don’t see anything in iptables logs (it is empty even though rsyslog is saying DROP packets should be log) So I added a rule in iptables on srv2 to accept all packets comming from srv1
-A INPUT -s @ipsrv1/32 -i eth0 -m comment --comment "050 allow all from other nodes: 220.127.116.11" -j ACCEPT
As seen by TCPDUMP, packets are arriving to server2 and passed to filter but what is filter here ? firewalld is disabled and iptables should allow or at least log these packets.
Do you have any ways of testing that with more details
"filter’ in the tcpdump command output does not refer to the firewall. It refers to the filter you specified on the tcpdump command line to specify which packets to capture, in this case you specified the filter "port 24007". There is nothing to do with the firewall.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.