LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 06-08-2009, 07:09 PM   #1
justemail
LQ Newbie
 
Registered: Apr 2009
Posts: 29

Rep: Reputation: 15
Firewall Question


I have setup a LVS system. I just want to display a web page to see if my LVS configuration is working. However when I try to display a test web site (http://www.tib.com), it times out. On the Virtual server, there is no error in the /var/log/httpd/access-log or /var/log/messages or /var/log/piranha/piranha.

I am getting suspicious that the firewall on the Virtual Server is blocking the web query!

Can somebody look at the "iptable" list (see below) and tell me if it is blocking the WEB query or not? FYI, I have not changed the iptables after setting the LVS except opening the HTTP port. In the LVS documentation there is a mention of "Firewall Marks"but I am using them yet.

Please help.

[root@vs1 ~]# /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2049
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
12 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

[root@vs1 ~]#

---------
lvs.cf
serial_no = 17
primary = 65.103.190.106
primary_private = 192.168.1.1
service = lvs
backup_active = 1
backup = 65.103.190.108
backup_private = 192.168.1.2
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 192.168.1.254 eth1:1
nat_nmask = 255.255.255.0
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
active = 1
address = 65.103.190.107 eth0:1
vip_nmask = 255.255.255.248
port = 80
send = "GET / HTTP/1.0\r\n\r\n"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server rs1 {
address = 192.168.1.10
active = 1
weight = 1000
}
}
 
Old 06-09-2009, 12:17 AM   #2
JulianTosh
Member
 
Registered: Sep 2007
Location: Las Vegas, NV
Distribution: Fedora / CentOS
Posts: 674
Blog Entries: 3

Rep: Reputation: 90
You can see for yourself with the command:
iptables -L -v --line-numbers

It shows you counts for each rule. Hit the service a couple times and if you see the counter incrementing, you know it's blocking.

I suspect that rule 8 and 11 in your RH-Firewall-1-INPUT chain are allowing the traffic.
 
  


Reply

Tags
firewall, iptables, lvs


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question 1 Firewall Log Question 2 Network Monitor Soulful93 Linux - Networking 4 08-04-2004 11:05 PM
Firewall Question SelaAragon Linux - Software 3 03-20-2004 09:12 AM
firewall question Agent007 Linux - Networking 2 01-11-2004 03:36 AM
Firewall question SocialParasite Linux - Security 2 07-07-2003 11:42 PM
Firewall Question ddpicard Linux - Software 2 10-18-2002 03:08 PM


All times are GMT -5. The time now is 07:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration