[torqueusers] Re: pbsnodes -a do not see the state of all nodes

Chris Samuel csamuel at vpac.org
Mon Feb 28 14:02:11 MST 2005

On Fri, 25 Feb 2005 04:34 pm, Hannu Väisänen wrote:

> On Fri, Feb 25, 2005 at 10:34:14AM +1100, Chris Samuel wrote:
> > My suspicion is that you'll either get a connection refused or it will
> > hang until it times out and that you'll find you have iptables running on
> > the server that is blocking it.
> It hangs and times out.

OK - then something between the mom and the server is dropping those packets, 
rather than rejecting them.

> > On the server do:
> >
> >       iptables-save
[rules elided]

Those look fine.  There should also be a rule there to accept establish 
traffic too I believe ?

I'd suggest an explicit deny and log rule at the end so you can see if there's 
something odd happening with the rules.

For instance, my Shorewall config generates the following automatically:

-A net2all -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2all -j Drop
-A net2all -j LOG --log-prefix "Shorewall:net2all:DROP:" --log-level 6
-A net2all -j DROP

Using policies to drop traffic works, but I don't think you can log anything 

You should be append those 3 rules to your iptables-config simply, and 
remember to change the table from net2all to RH-Firewall-1-INPUT !  If you 
want to make failure more obvious whilst debugging you can change the "Drop" 
to "Reject" and "DROP" to "REJECT" to cause the kernel to send the 
appropriate ICMP instead.

good luck,
 Christopher Samuel - (03)9925 4751 - VPAC Systems & Network Admin
 Victorian Partnership for Advanced Computing http://www.vpac.org/
 Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20050301/2096b94f/attachment.bin

More information about the torqueusers mailing list