Hello Eric/Team,
Please check the below snip from the 2 nodes on which I am working to make
the slp service work, but it is not getting discovered from the other node.
From the same node it shows the service.
I have added the slp service in the firewall on both nodes. Can someone
help me in getting this issue fixed?
[image: image.png]
On Wed, Nov 18, 2020 at 2:58 AM Eric Garver <egarver(a)redhat.com> wrote:
On Wed, Nov 18, 2020 at 01:06:52AM +0530, Vishal K wrote:
> Hello Eric,
>
> I will check those details (other nodes' requests are coming in on the default
> zone) and update.
> Meanwhile I have another system where sles12 is running and there I see the
> below rule by default
>
> In INPUT chain
> ACCEPT icmp -- anywhere anywhere ctstate RELATED
I'm not sure where this rule is coming from. You can check the firewalld
configuration.
# firewall-cmd --list-all-zones
>
>
> I wonder it's not there in sles15.
>
> Thanks
>
>
>
> On Wed, Nov 18, 2020, 12:47 AM Eric Garver <egarver(a)redhat.com> wrote:
>
> > On Wed, Nov 18, 2020 at 12:41:24AM +0530, Vishal K wrote:
> > > Hello Eric,
> > >
> > > Thanks for the response. I did add this option in the public/external zone
> > >
> > > # firewall-cmd --permanent --add-service slp
> > > # firewall-cmd --reload
> > > Even though the slp services were not getting discovered by other nodes.
> > > As soon as I delete this rule
> > >
> > > iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> > >
> > > All starts working fine.
> > >
> > > That's why I am confused/clueless about what can be done to make it work.
> >
> > Are you sure the other nodes' requests are coming in on the default zone?
> > What does --get-active-zones show?
> >
> > > Thanks
> > >
> > >
> > > On Wed, Nov 18, 2020, 12:32 AM Eric Garver <egarver(a)redhat.com> wrote:
> > >
> > > > On Tue, Nov 17, 2020 at 06:19:09PM -0000, bsp team wrote:
> > > > > Below rule in iptables is causing the slptool to fail in detecting the services of other hosts.
> > > > > REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
> > > > > I deleted it by using below command
> > > > > iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
> > > > > and slp started to discover from other node with firewall enabled.
> > > > > However, when I reload the firewalld or reboot, it again went back to the original rule (REJECT).
> > > > > How can I delete this rule permanently so that even after reloading the firewalld daemon it does not go back to default?
> > > > > Or is there any other way?
> > > >
> > > > You should _not_ delete this rule. Doing so will likely leave your
> > > > firewall open and your server unprotected. I repeat. DO NOT DELETE THIS
> > > > RULE.
> > > >
> > > > Instead add the `slp` service:
> > > >
> > > > # firewall-cmd --permanent --add-service slp
> > > > # firewall-cmd --reload
> > > >
> > > > The above adds it to the default zone (likely "public"). To add it to a
> > > > specific zone add the `--zone` argument.
> > > >
> > > > # firewall-cmd --permanent --zone external --add-service slp
> > > > # firewall-cmd --reload
> > > >
> > > >
> >
> > > _______________________________________________
> > > firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
> > > To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
> > > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...
> >
> >
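
Added example, not part of the original thread: a shell check for the question raised above about `--get-active-zones`, listing each interface with the zone it is actually in and reporting zones that do not allow `slp`. The `FWCMD` override, the function names and the sample output are assumptions made for illustration; `--get-active-zones`, `--zone` and `--query-service` are existing `firewall-cmd` options.

```shell
#!/bin/sh
# Added example, not from the thread. FWCMD and the function names are
# hypothetical; FWCMD lets the check be pointed at a stub for testing.
FWCMD=${FWCMD:-firewall-cmd}

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
external
  interfaces: eth1'

# Read --get-active-zones output on stdin, print "zone interface" pairs.
parse_active_zones() {
    awk '
        /^[^ \t]/ { zone = $1; next }   # unindented line names a zone
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print zone, $i }
    '
}

# Read "zone interface" pairs on stdin; report every interface whose zone
# does not allow service $1 in the runtime configuration.
zones_missing_service() {
    svc=$1
    while read -r zone iface; do
        if ! "$FWCMD" --zone="$zone" --query-service="$svc" </dev/null >/dev/null 2>&1; then
            echo "$iface is in zone '$zone', which does not allow '$svc'"
        fi
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_ACTIVE_ZONES" | parse_active_zones

# Live check, only when firewall-cmd is installed.
if command -v "$FWCMD" >/dev/null 2>&1; then
    "$FWCMD" --get-active-zones | parse_active_zones | zones_missing_service slp
fi
```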