PVE Firewall with cluster becomes inoperable

pointer

New Member
Sep 15, 2014
Hello,

firstly thank you for releasing version 3.3 and all the other versions. Great work so far.

I recently checked the firewall out and tried to adjust some settings and get it working on my set up, but somehow I'm missing something.

This is my current setup on a proxmox cluster with 3 nodes:

Code:
proxmox-ve-2.6.32: 3.2-136 (running kernel: 2.6.32-32-pve)
pve-manager: 3.3-1 (running version: 3.3-1/a06c9f73)
pve-kernel-2.6.32-32-pve: 2.6.32-136
pve-kernel-2.6.32-29-pve: 2.6.32-126
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-1
pve-cluster: 3.0-15
qemu-server: 3.1-34
pve-firmware: 1.1-3
libpve-common-perl: 3.0-19
libpve-access-control: 3.0-15
libpve-storage-perl: 3.0-23
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.1-5
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1

I followed the process in the Wiki, but somehow I still think something went wrong.

My problem is that when I start the firewall in the datacenter tab of the GUI for all HW nodes, my cluster becomes inoperable.

I tried disabling the firewall and re-enabling it while running a multicast check, and it seems that MULTICAST is getting dropped. Now I saw in the source that this should not happen.

When running "iptables-save | grep MULTICAST" I get:

Code:
:~# iptables-save | grep MULTICAST
-A PVEFW-DropBroadcast -m addrtype --dst-type MULTICAST -j DROP

Also, when I run pve-firewall status I get:

Code:
no such security group 'management'
Status: enabled/running

So I guess since the management group is handling that kind of stuff, it's missing?! (It's not in my default configuration file)
So, how can I generate that?

As a side note, my servers are running in a virtual rack meaning interface eth1 is the cluster interface (maybe this is also some kind of a problem).

I really appreciate your effort and your work.

Thank you very much, if you need any more information please let me know :-)

Best regards,
Pointer
 
So I guess since the management group is handling that kind of stuff, it's missing?! (It's not in my default configuration file)
So, how can I generate that?

Simply create the IPSet on the cluster firewall GUI.

Also check this:

# pve-firewall localnet

This shows you what network is automatically added to the management IPSet.
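A small pre-flight check for the situation in this thread, added here as an example and not taken from the posts or from Proxmox itself: it parses a cluster.fw file in the documented layout (section headers such as [IPSET management], one entry per line) and reports whether the management IPSet lists the cluster subnet that `pve-firewall localnet` would report. The sample config and the 10.10.10.0/24 subnet are constructed for the demonstration.

```shell
#!/bin/sh
# Check that a Proxmox cluster.fw defines an IPSET named "management"
# that lists the corosync/cluster subnet, before enabling the datacenter
# firewall. Without that entry the PVEFW-DropBroadcast chain drops the
# multicast traffic the cluster relies on (the symptom in this thread).

# Print the entries of one IPSET section (comments and blank lines skipped).
ipset_members() {           # $1 = config file, $2 = ipset name
    awk -v want="[IPSET $2]" '
        /^\[/ { insec = ($0 == want); next }
        insec && NF && $1 !~ /^#/ { print $1 }
    ' "$1"
}

# Return 0 when the management IPSET contains the given CIDR verbatim.
# Exact match only: a covering supernet (e.g. 10.0.0.0/8) is not detected.
management_covers() {       # $1 = config file, $2 = CIDR from "pve-firewall localnet"
    ipset_members "$1" management | grep -qx "$2"
}

# Print a verdict and return 0 (safe) or 1 (firewall would likely cut the cluster).
check_cluster_fw() {        # $1 = config file, $2 = cluster CIDR
    if management_covers "$1" "$2"; then
        echo "ok: management IPSET covers $2"
        return 0
    fi
    echo "warning: no management IPSET entry for $2; enabling the firewall may drop cluster traffic"
    return 1
}

# Constructed sample config (assumption: cluster interface on 10.10.10.0/24).
SAMPLE_FW=$(mktemp)
trap 'rm -f "$SAMPLE_FW"' EXIT
cat > "$SAMPLE_FW" <<'EOF'
[OPTIONS]
enable: 1

[IPSET management]
10.10.10.0/24
192.168.1.5
EOF

check_cluster_fw "$SAMPLE_FW" 10.10.10.0/24
```

On a real node the file to inspect is /etc/pve/firewall/cluster.fw and the CIDR argument is the network printed by `pve-firewall localnet`.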
 
Simply create the IPSet on the cluster firewall GUI.

Also check this:

# pve-firewall localnet

This shows you what network is automatically added to the management IPSet.

Thanks, now it's working as far as I can see.