Hello, I used the https://tecadmin.net/ip-failover-setup-using-keepalived-on-centos-redhat/%22... tutorial to configure Keepalived on two CentOS web servers:

Server 1: 192.168.56.7
Server 2: 192.168.56.9
Virtual IP: 192.168.56.110

And after it, I added the below Firewalld rule:

    # firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
    # firewall-cmd --reload
    #
    # firewall-cmd --list-all
    FedoraServer (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s3 enp0s8
      sources:
      services: dhcpv6-client http ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
        rule protocol value="vrrp" accept

But I can't ping my Virtual IP address:

    # ping 192.168.56.110
    PING 192.168.56.110 (192.168.56.110) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

And cURL doesn't show anything either:

    # curl -l 192.168.56.110

Is it related to the Firewalld?
Thank you.
On Tue, Apr 13, 2021 at 08:15:05PM -0000, Jason Long wrote:
> Is it related to the Firewalld?
I don't know. An easy way to check is to disable firewalld then check if it works.
Also make sure you enabled VRRP in the correct zone. Looks like you added it to the default zone.
More information is:

    # firewall-cmd --get-active-zones
    FedoraServer
      interfaces: enp0s3 enp0s8

    # firewall-cmd --get-default-zone
    FedoraServer

    # systemctl stop firewalld.service
    #
    # ping 192.168.56.110
    PING 192.168.56.110 (192.168.56.110) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

Thank you.
What is the correct zone for the VRRP?
On Wednesday, April 14, 2021, 09:59:44 PM GMT+4:30, Eric Garver egarver@redhat.com wrote:
> I don't know. An easy way to check is to disable firewalld then check if it works.
> Also make sure you enabled VRRP in the correct zone. Looks like you added it to the default zone.
On Thu, Apr 15, 2021 at 08:51:35AM +0000, Jason Long wrote:
> What is the correct zone for the VRRP?
If it still doesn't work after stopping firewalld then you have a different issue that exists outside of firewalld.
Any idea to find it? Which log files must be examined?
On Thursday, April 15, 2021, 04:40:15 PM GMT+4:30, Eric Garver egarver@redhat.com wrote:
> If it still doesn't work after stopping firewalld then you have a different issue that exists outside of firewalld.
On Fri, Apr 16, 2021 at 01:02:11PM +0000, Jason Long wrote:
> Any idea to find it? Which log files must be examined?
No ideas. Sorry.
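
For the zone question raised in the thread, an added example (not part of the original messages, and not firewalld project code): it reads `firewall-cmd --list-all` text and reports whether that zone binds a given interface and accepts VRRP, either through the `protocols:` line or a rich rule. The function names are hypothetical and the sample is an abbreviated, constructed copy of the output posted above.

```shell
# Added example (not from the thread): inspect `firewall-cmd --list-all` text.

# Print the value of one "key: value" field from --list-all text on stdin.
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 { sub(/^[^:]*:[ \t]*/, "", line); print line; exit }'
}

# Succeed if the zone text in $1 lists interface $2.
zone_binds_iface() {
    for i in $(printf '%s\n' "$1" | zone_field interfaces); do
        if [ "$i" = "$2" ]; then return 0; fi
    done
    return 1
}

# Succeed if the zone text in $1 accepts VRRP, via "protocols:" or a rich rule.
zone_accepts_vrrp() {
    for p in $(printf '%s\n' "$1" | zone_field protocols); do
        if [ "$p" = "vrrp" ]; then return 0; fi
    done
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*rule .*protocol value="vrrp".* accept[[:space:]]*$'
}

# Live check for one interface; needs a running firewalld.
check_iface() {
    zone=$(firewall-cmd --get-zone-of-interface="$1") || return 2
    text=$(firewall-cmd --zone="$zone" --list-all) || return 2
    if zone_accepts_vrrp "$text"; then echo "$1: zone $zone accepts vrrp"
    else echo "$1: zone $zone does not accept vrrp"; return 1; fi
}

# Constructed sample: the --list-all output from the thread, abbreviated.
SAMPLE='FedoraServer (active)
  target: default
  interfaces: enp0s3 enp0s8
  services: dhcpv6-client http ssh
  protocols:
  rich rules:
    rule protocol value="vrrp" accept'

# With firewalld installed, pass interface names as arguments to run live.
if command -v firewall-cmd >/dev/null 2>&1; then
    for arg in "$@"; do check_iface "$arg" || true; done
fi
```

Run it on both Keepalived nodes with the interface that carries the VRRP advertisements; a rule added without `--zone` lands in the default zone, which only helps if that interface is bound to it.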