[Linux-cluster] iptables

Don Hoover dxh at yahoo.com
Wed Nov 3 19:30:38 UTC 2010


Doing some testing with RHEL6 Beta2+, and I turned on debugging to verify my iptables was working with RHCS.

And I noticed that there are some packets sent between each node periodically that are going to destination port 0.

Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:1b:78:ba:80:14:08:00 SRC=10.240.48.180 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19018 DF PROTO=TCP SPT=49555 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:17:a4:47:99:57:08:00 SRC=10.240.48.179 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32053 DF PROTO=TCP SPT=22430 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0


Does port 0 need to be opened? This is nowhere in the docs; I used all the normal ports suggested.

Here is what I am testing with having open:

#-A INPUT -m state --state NEW -m tcp -p tcp --dport 137 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 138 -j ACCEPT
#-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
#-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
### cman - 5404,5405 udp
-A INPUT -m state --state NEW -m udp -p udp --dport 5404 -j ACCEPT 
-A INPUT -m state --state NEW -m udp -p udp --dport 5405 -j ACCEPT
### ricci - 11111 tcp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11111 -j ACCEPT
### dlm - 21064 tcp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21064 -j ACCEPT
### ccsd - 50006,50008,50009 tcp and 50007 udp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50006 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50008 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 50009 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 50007 -j ACCEPT
### multicast heartbeat (may be different for each cluster)
-A INPUT -s 239.192.0.0/16 -m addrtype --src-type MULTICAST -j ACCEPT
-A INPUT -s 224.0.0.0/8 -m addrtype --src-type MULTICAST -j ACCEPT
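An added example, not part of the original post: a small Python triage script run over the two "Dropped by firewall" lines quoted above. It parses the iptables LOG format (KEY=VALUE fields, bare flag tokens such as DF and SYN, and the 14-byte MAC field that packs destination MAC, source MAC and ethertype), then labels each dropped packet by whether its destination port is one the post's ruleset is meant to allow. A DPT=0 hit is reported as the reserved port and left for investigation rather than being treated as a port to open. The ALLOWED_TCP/ALLOWED_UDP sets are copied from the post's rules; the label strings and function names are this example's own.

```python
import re

# Constructed input: the two "Dropped by firewall" lines quoted in the post above.
SAMPLE_LOG = """\
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:1b:78:ba:80:14:08:00 SRC=10.240.48.180 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19018 DF PROTO=TCP SPT=49555 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
Dropped by firewall: IN=bond0 OUT= MAC=00:14:38:bc:ab:4d:00:17:a4:47:99:57:08:00 SRC=10.240.48.179 DST=10.240.48.178 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32053 DF PROTO=TCP SPT=22430 DPT=0 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Ports the post's ruleset opens (taken from the rules above), so the classifier can
# say whether a dropped packet was aimed at a service the rules were supposed to allow.
ALLOWED_TCP = {11111, 21064, 50006, 50008, 50009}
ALLOWED_UDP = {5404, 5405, 50007}


def parse_log_line(line):
    """Parse one iptables LOG line into a dict.

    KEY=VALUE tokens become entries; bare tokens after the log prefix (DF, SYN, ...)
    are collected under "flags". Returns None for lines that are not LOG output.
    """
    tokens = line.split()
    try:
        start = next(i for i, t in enumerate(tokens) if t.startswith("IN="))
    except StopIteration:
        return None
    rec = {"prefix": " ".join(tokens[:start]), "flags": set()}
    for tok in tokens[start:]:
        if "=" in tok:
            key, _, value = tok.partition("=")
            rec[key] = value
        else:
            rec["flags"].add(tok)
    # The MAC field is dst-MAC (6 bytes) : src-MAC (6 bytes) : ethertype (2 bytes).
    parts = rec.get("MAC", "").split(":")
    if len(parts) == 14:
        rec["dst_mac"] = ":".join(parts[0:6])
        rec["src_mac"] = ":".join(parts[6:12])
        rec["ethertype"] = ":".join(parts[12:14])
    for key in ("SPT", "DPT", "LEN", "TTL", "ID"):
        if key in rec and rec[key].isdigit():
            rec[key] = int(rec[key])
    return rec


def classify_drop(rec):
    """Label a dropped packet so it can be triaged instead of blindly allowed."""
    proto = rec.get("PROTO")
    dpt = rec.get("DPT")
    if dpt == 0:
        # Port 0 is reserved; no cluster daemon listens there. Flag for investigation.
        return "reserved-port-0"
    allowed = ALLOWED_TCP if proto == "TCP" else ALLOWED_UDP if proto == "UDP" else set()
    if dpt in allowed:
        # Port is in the ruleset yet the packet was dropped: check rule order and
        # whether the packet is really a NEW connection as far as conntrack is concerned.
        return "allowed-port-still-dropped"
    return "not-in-ruleset"


def triage(text):
    """Parse every LOG line in text and return a list of (record, label) pairs."""
    out = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is not None:
            out.append((rec, classify_drop(rec)))
    return out


if __name__ == "__main__":
    for rec, label in triage(SAMPLE_LOG):
        print(f"{rec['SRC']} -> {rec['DST']} {rec['PROTO']}/{rec['DPT']} "
              f"flags={sorted(rec['flags'])} src_mac={rec.get('src_mac')} : {label}")
```

Feeding a real `/var/log/messages` extract through `triage()` gives a quick split between drops on ports the rules already cover (a rule-order or state-matching problem), drops on ports the ruleset never mentions, and the port-0 case the post asks about.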