Old 06-08-2009, 08:09 PM   #1
Firewall Question

I have set up an LVS system. I just want to display a web page to see if my LVS configuration is working. However, when I try to display a test web site (, it times out. On the Virtual server, there is no error in the /var/log/httpd/access-log or /var/log/messages or /var/log/piranha/piranha.

I am getting suspicious that the firewall on the Virtual Server is blocking the web query!

Can somebody look at the "iptable" list (see below) and tell me if it is blocking the WEB query or not? FYI, I have not changed the iptables after setting the LVS except opening the HTTP port. In the LVS documentation there is a mention of "Firewall Marks" but I am using them yet.

Please help.

[root@vs1 ~]# /sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all --

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all --

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all --
2 ACCEPT icmp -- icmp type 255
3 ACCEPT esp --
4 ACCEPT ah --
5 ACCEPT udp -- udp dpt:5353
6 ACCEPT udp -- udp dpt:631
7 ACCEPT tcp -- tcp dpt:631
9 ACCEPT tcp -- state NEW tcp dpt:2049
10 ACCEPT tcp -- state NEW tcp dpt:22
11 ACCEPT tcp -- state NEW tcp dpt:80
12 REJECT all -- reject-with icmp-host-prohibited

[root@vs1 ~]#

serial_no = 17
primary =
primary_private =
service = lvs
backup_active = 1
backup =
backup_private =
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = eth1:1
nat_nmask =
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
active = 1
address = eth0:1
vip_nmask =
port = 80
send = "GET / HTTP/1.0\r\n\r\n"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 0
server rs1 {
address =
active = 1
weight = 1000
Old 06-09-2009, 01:17 AM   #2
You can see for yourself with the command:
iptables -L -v --line-numbers

It shows you counts for each rule. Hit the service a couple times and if you see the counter incrementing, you know it's blocking.

I suspect that rules 8 and 11 in your RH-Firewall-1-INPUT chain are allowing the traffic.
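
The counter check suggested in the reply above can be scripted. The following is an added example, not part of the original posts: it compares two snapshots of `iptables -L <chain> -v -n -x --line-numbers` and lists only the rules whose packet counters rose. The function names and the two sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show which rules of a chain matched
# packets between two counter snapshots.

# Snapshot a chain on a live system (needs root). Not called by the demo.
snapshot() {
    iptables -L "${1:-RH-Firewall-1-INPUT}" -v -n -x --line-numbers
}

# changed_rules BEFORE AFTER: print "num +delta target match" for each rule
# whose packet counter rose. Assumes every rule has a target (-j) column.
changed_rules() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip chain title, header, blanks
        NR == FNR { before[$1] = $2; next }  # first file: pkts per rule number
        $2 > before[$1] + 0 {
            extra = ""
            for (i = 11; i <= NF; i++) extra = extra " " $i
            printf "%s +%d %s%s\n", $1, $2 - before[$1], $4, extra
        }
    ' "$1" "$2"
}

# Constructed snapshots, before and after one test request to port 80.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num      pkts      bytes target     prot opt in     out     source               destination
10          4      240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
11          0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12          7      420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
    cat > "$d/after" <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num      pkts      bytes target     prot opt in     out     source               destination
10          4      240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
11          1       60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12          9      540 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
    changed_rules "$d/before" "$d/after"
    rm -rf "$d"
}

demo
```

On a live host the same comparison is `snapshot > before`, one test request, `snapshot > after`, then `changed_rules before after`. Counters include all traffic on the box, so a rise on the REJECT rule only implicates the test request if it repeats with each attempt.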



All times are GMT -5. The time now is 12:38 AM.
