Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Perfsonar ports - tracepath blocked

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Perfsonar ports - tracepath blocked


Chronological Thread 
  • From: Brian Candler <>
  • To: Andrew Lake <>, "" <>, "Garnizov, Ivan (RRZE)" <>
  • Subject: Re: [perfsonar-user] Perfsonar ports - tracepath blocked
  • Date: Tue, 16 Feb 2016 16:35:01 +0000
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=pobox.com; h=subject:to :references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; q=dns; s=sasl; b=GQ6fhQ kvbgwl9/dVPtipNS8N3rRshQ26URnI8LvbxI7r3G3PUp8uLhHqaBtdjlNwc+hEMW eYHpoBV2pdU2FZK/qeoLOW52cS7ic28lU7bfxwhP6ZFQUXL9OjnoxWGCHmkvdQ86 97UOGbRoX2MD9DH6l9jwoPpqHDGfIgQ1Nr+0w=
On 16/02/2016 16:26, Andrew Lake wrote:
Somebody else reported this as well a couple days ago and I have seen it before as well. Basically when the ISO is installing, the netfilters kernel module is not loaded so the post step to setup the rules is failing. I wonder if their was a recent update in anaconda or some other package that has recently made this surface, because it was definitely fine when the 3.5 release was made. You can run "/opt/perfsonar_ps/toolkit/scripts/configure_firewall install” to setup the rules.
Thank you - but that fix doesn't work for me.

[root@ix-perf1 brian]# /opt/perfsonar_ps/toolkit/scripts/configure_firewall install
Adding perfSONAR firewall rules
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
ip6tables: Saving firewall rules to /etc/sysconfig/ip6table[ OK ]
[root@ix-perf1
brian]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
perfSONAR all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain perfSONAR (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0
... etc

[root@ix-perf1
brian]# head -20 /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Tue Feb 16 16:31:02 2016
*filter
:INPUT ACCEPT [1:52]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10:526]
:perfSONAR - [0:0]
-A INPUT -j perfSONAR
-A perfSONAR -p icmp -m icmp --icmp-type any -j ACCEPT
-A perfSONAR -p ipv6-icmp -j ACCEPT
-A perfSONAR -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A perfSONAR -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A perfSONAR -p udp -m udp --dport 123 -m udp -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 8090 -j ACCEPT
-A perfSONAR -p udp -m udp --dport 33434:33634 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 8000 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 8001:8020 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 843 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 7123 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 3001:3003 -j ACCEPT
-A perfSONAR -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 861 -j ACCEPT

Cheers,

Brian.


Archive powered by MHonArc 2.6.16.

Top of Page