Did you open up the firewall (iptables) to allow traffic? I ran into problems until I added to iptables.
You can just run "service iptables stop" and test. If it works you know it is iptables and can add rules. If it doesn't then you know iptables wasn't "THE" problem (though it may still be "A" problem).
If they're on different subnets, is there a physical firewall device or a firewall config on a switch/router that needs to be modified?
Are you running with SELinux enabled? If so, have you looked at the impact it may have?
The notes I wrote for myself on updating iptables rules:
Quote:
Clariion Iptables Config - This allows the IPs of CX3-20c to talk to the host
on port 6389 udp and tcp (Port 6389 name is clariion-evr01)
To add permission to iptables on my RHEL hosts:
Verify iptables is running with iptables -L and that its last entry is to block icmp. (If not running, iptables -L will only show about 3 lines.)
Then run:
1) iptables -D RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
### Deletes the icmp rule
2) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport clariion-evr01 -j ACCEPT --src 10.0.x.1
### Opens clariion-evr01 TCP port for 10.0.x.1 (SPA on CX3-20c).
3) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport clariion-evr01 -j ACCEPT --src 10.0.x.1
### Opens clariion-evr01 UDP port for 10.0.x.1 (SPA on CX3-20c).
4) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport clariion-evr01 -j ACCEPT --src 10.0.x.2
### Opens clariion-evr01 TCP port for 10.0.x.2 (SPB on CX3-20c).
5) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport clariion-evr01 -j ACCEPT --src 10.0.x.2
### Opens clariion-evr01 UDP port for 10.0.x.2 (SPB on CX3-20c).
6) iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
### Re-adds the icmp rule as last rule.
7) iptables-save >/etc/sysconfig/iptables
### Saves to file read on iptables start.
Step 7 is necessary so that after a reboot or bounce of iptables it will re-establish the rules.
Steps assume 6389 for clariion-evr01 tcp and udp are in /etc/services already.
Entries in /etc/services were:
clariion-evr01 6389/tcp # clariion-evr01
clariion-evr01 6389/udp # clariion-evr01
Or you could just use 6389 instead of name in the rules you're adding.
Of course you'd substitute the actual IP addresses of your CX3-40's SPA and SPB for the 10.0.x.1 and 10.0.x.2 in the foregoing.
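
A variation on the steps above, as an added example that is not part of the original post: instead of deleting and re-adding the final REJECT rule, it finds that rule's position and prints `iptables -I` commands that insert the ACCEPT rules just above it, so the chain never runs without its REJECT. The listing and the 192.0.2.x addresses are constructed, and the function names `reject_pos` and `build_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): print, without running them,
# iptables commands that insert ACCEPT rules directly above the chain's
# final REJECT rule, so the REJECT is never removed from the chain.

CHAIN="RH-Firewall-1-INPUT"
PORT=6389    # clariion-evr01 in /etc/services

# Constructed sample of `iptables -L RH-Firewall-1-INPUT -n --line-numbers`.
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Read a --line-numbers listing on stdin; print the position of the last
# REJECT rule. Exit non-zero if the chain has none.
reject_pos() {
    awk '$2 == "REJECT" { n = $1 } END { if (n) print n; else exit 1 }'
}

# build_rules POS IP... : emit one tcp and one udp rule per source IP,
# starting at POS and advancing so the rules keep their listed order.
build_rules() {
    pos=$1; shift
    for ip in "$@"; do
        for proto in tcp udp; do
            echo "iptables -I $CHAIN $pos -m state --state NEW -p $proto --dport $PORT -s $ip -j ACCEPT"
            pos=$((pos + 1))
        done
    done
}

# On a live host, replace the sample with:
#   iptables -L "$CHAIN" -n --line-numbers | reject_pos
pos=$(printf '%s\n' "$SAMPLE_LISTING" | reject_pos) || {
    echo "no REJECT rule found in $CHAIN" >&2
    exit 1
}
# 192.0.2.11 / 192.0.2.12 are constructed stand-ins for SPA and SPB.
build_rules "$pos" 192.0.2.11 192.0.2.12
echo "iptables-save > /etc/sysconfig/iptables"
```

Review the printed commands before running them as root; the last line persists the rules the same way the final step of the notes does.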