12-21-2007, 01:28 PM
Balaji

Regd: Iptables SNAT issue in Cluster Suite Setup

Dear All,

I have configured Cluster Suite with 2 servers
Server 1 : 192.168.13.110 IP Address
Server 2 : 192.168.13.179 IP Address
Floating : 192.168.13.83 IP Address (Assumed by currently active server)

I want all SNMP packets going out through the active server to be
stamped with the floating IP

So I have added iptables rules as
"iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83:161
iptables -t nat -A POSTROUTING -p udp -s 192.168.13.110 --dport 161 -j SNAT --to-source 192.168.13.83:161"


I have written a script to continuously poll an agent using snmpgetnext.
This script works for some time and then snmpgetnext fails giving the
following message
"Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:10:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""

snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:10:21 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:10:21 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:10:21 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:10:21 IST 2007

snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:13:20 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:13:20 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:13:21 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:13:21 IST 2007
snmpgetnext: Failure in sendto (Operation not permitted)
Fri Dec 21 19:13:21 IST 2007
Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = """


If I remove the above iptables rule it works continuously, and if I
restart iptables (with the rule) it works for some time before the
same problem repeats.

Can someone throw light on this particular problem?

Regards
S.Balaji

P.S.: The same thing happens with a rule for rsync, ssh and telnet,
i.e. they work some of the time and sometimes do not,
e.g. the rsync, ssh and telnet iptables SNAT rules
"iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 873 -j SNAT --to-source 192.168.13.83:873
iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 22 -j SNAT --to-source 192.168.13.83:22
iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 23 -j SNAT --to-source 192.168.13.83:23"

rsync Success message is
"receiving file list ... done
Log/
Log/20070619.dbg.zip
Log/20070619.log.zip
Log/20070620.dbg.zip
Log/20070620.log.zip
Log/20070621.dbg.zip
Log/20070621.log.zip
sent 190 bytes received 211940 bytes 84852.00 bytes/sec
total size is 211421 speedup is 1.00"
rsync Failure message is
"rsync: failed to connect to 192.168.13.100: Connection timed out (110)
rsync error: error in socket IO (code 10) at clientserver.c(94)"

ssh Failure message is
"ssh: connect to host 192.168.13.100 port 22: Connection timed out"

telnet Failure message is
"telnet: connect to address 192.168.13.100: Connection timed out"


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
12-27-2007, 01:20 PM
Balaji

Regd: Iptables SNAT issue in Cluster Suite Setup

Dear All,
I have solved the iptables SNAT issue in the Cluster Suite setup. The
solution was to remove the source port "161" from the iptables SNAT rule.
The rule added before was "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83:161" and
the rule added currently is "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83"

The above iptables SNAT rule is working fine.

Regards
-S.Balaji
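
The check below is an added example, not part of the original posts: it reads NAT rules one per line and, for every SNAT rule whose --to-source pins a single source port, prints the rule with the port removed, which is the change reported above. The function names are hypothetical, the iptables-save rendering of the thread's rules is constructed, and the last three sample rules are made up.

```shell
#!/bin/sh
# Added example: find SNAT rules that pin one source port and print the fix.
# Input: rules in iptables-save or command form, one per line, on stdin.

# Constructed sample: the thread's addresses and ports written in
# iptables-save form, plus three made-up rules that must not be flagged.
sample_rules() {
cat <<'EOF'
-A POSTROUTING -s 192.168.13.179/32 -p udp -m udp --dport 161 -j SNAT --to-source 192.168.13.83:161
-A POSTROUTING -s 192.168.13.179/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.13.83:22
-A POSTROUTING -s 192.168.13.110/32 -p udp -m udp --dport 161 -j SNAT --to-source 192.168.13.83
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.0.2.10:1024-65535
-A POSTROUTING -o eth1 -j MASQUERADE
EOF
}

# For each SNAT rule with --to-source ADDR:PORT (a single port), print the
# original prefixed "- " and the same rule without the port prefixed "+ ".
unpin_snat_ports() {
    while IFS= read -r rule; do
        case "$rule" in
            *"-j SNAT"*"--to-source "*) ;;
            *) continue ;;             # not an SNAT rule
        esac
        target=${rule#*--to-source }   # text after the option...
        target=${target%% *}           # ...up to the next space
        case "$target" in
            *:*) ;;                    # has a port part
            *) continue ;;             # address only: nothing pinned
        esac
        port=${target##*:}
        case "$port" in
            *-*) continue ;;           # port range: NAT can still choose
        esac
        addr=${target%:*}
        prefix=${rule%%--to-source *}
        suffix=${rule#*"--to-source $target"}
        printf '%s\n' "- $rule" "+ ${prefix}--to-source ${addr}${suffix}"
    done
}

sample_rules | unpin_snat_ports
```

On a host, the live table can be checked with: iptables-save -t nat | unpin_snat_ports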

 
