Description of problem:
RHCS port 5405 is blocked by the default configuration for the firewall.

Version-Release number of selected component (if applicable):
latest

How reproducible:
100%.

Steps to Reproduce:
1. Turn on Firewall.
2. yum install openais
3. vi /etc/ais/openais.conf and set your bindnetaddr to an IP address

Actual results:
openais continues to state "Entering gather state" over and over. This is because it cannot receive or send packets on its defined 5405 UDP port.

Expected results:
[root@shih exec]# ./aisexec
[root@shih exec]# Jul 21 14:11:36.635254 [MAIN ] AIS Executive Service RELEASE 'trunk'
Jul 21 14:11:36.635400 [MAIN ] Copyright (C) 2002-2006 MontaVista Software, Inc and contributors.
Jul 21 14:11:36.635425 [MAIN ] Copyright (C) 2006 Red Hat, Inc.
Jul 21 14:11:36.635445 [MAIN ] openais component openais_cpg loaded.
Jul 21 14:11:36.635465 [MAIN ] Registering service handler 'openais cluster closed process group service v1.01'
Jul 21 14:11:36.635486 [MAIN ] openais component openais_cfg loaded.
Jul 21 14:11:36.635506 [MAIN ] Registering service handler 'openais configuration service'
Jul 21 14:11:36.635530 [MAIN ] openais component openais_msg loaded.
Jul 21 14:11:36.635550 [MAIN ] Registering service handler 'openais message service B.01.01'
Jul 21 14:11:36.635571 [MAIN ] openais component openais_lck loaded.
Jul 21 14:11:36.635591 [MAIN ] Registering service handler 'openais distributed locking service B.01.01'
Jul 21 14:11:36.635611 [MAIN ] openais component openais_evt loaded.
Jul 21 14:11:36.635631 [MAIN ] Registering service handler 'openais event service B.01.01'
Jul 21 14:11:36.635652 [MAIN ] openais component openais_ckpt loaded.
Jul 21 14:11:36.635672 [MAIN ] Registering service handler 'openais checkpoint service B.01.01'
Jul 21 14:11:36.635694 [MAIN ] openais component openais_amf loaded.
Jul 21 14:11:36.635714 [MAIN ] Registering service handler 'openais availability management framework B.01.01'
Jul 21 14:11:36.635734 [MAIN ] openais component openais_clm loaded.
Jul 21 14:11:36.635754 [MAIN ] Registering service handler 'openais cluster membership service B.01.01'
Jul 21 14:11:36.635774 [MAIN ] openais component openais_evs loaded.
Jul 21 14:11:36.635795 [MAIN ] Registering service handler 'openais extended virtual synchrony service'
Jul 21 14:11:36.637676 [TOTEM] Token Timeout (1000 ms) retransmit timeout (238 ms)
Jul 21 14:11:36.637781 [TOTEM] token hold (180 ms) retransmits before loss (4 retrans)
Jul 21 14:11:36.637804 [TOTEM] join (100 ms) consensus (200 ms) merge (200 ms)
Jul 21 14:11:36.637825 [TOTEM] downcheck (1000000 ms) fail to recv const (50 msgs)
Jul 21 14:11:36.637847 [TOTEM] seqno unchanged const (30 rotations) Maximum network MTU 1500
Jul 21 14:11:36.637867 [TOTEM] window size per rotation (50 messages) maximum messages per rotation (17 messages)
Jul 21 14:11:36.637889 [TOTEM] send threads (0 threads)
Jul 21 14:11:36.637909 [TOTEM] RRP token expired timeout (238 ms)
Jul 21 14:11:36.637930 [TOTEM] RRP token problem counter (2000 ms)
Jul 21 14:11:36.637949 [TOTEM] RRP threshold (10 problem count)
Jul 21 14:11:36.637968 [TOTEM] RRP mode set to none.
Jul 21 14:11:36.637988 [TOTEM] heartbeat_failures_allowed (0)
Jul 21 14:11:36.638007 [TOTEM] max_network_delay (50 ms)
Jul 21 14:11:36.638047 [TOTEM] HeartBeat is Disabled. To enable set heartbeat_failures_allowed > 0
Jul 21 14:11:36.638298 [TOTEM] Receive multicast socket recv buffer size (262142 bytes).
Jul 21 14:11:36.638324 [TOTEM] Transmit multicast socket send buffer size (262142 bytes).
Jul 21 14:11:36.638642 [TOTEM] The network interface [192.168.2.10] is now up.
Jul 21 14:11:36.638684 [TOTEM] Created or loaded sequence id 1125934283361995.192.168.2.10 for this ring.
Jul 21 14:11:36.638775 [TOTEM] entering GATHER state.
Jul 21 14:11:36.638985 [SERV ] Initialising service handler 'openais extended virtual synchrony service'
Jul 21 14:11:36.639012 [SERV ] Initialising service handler 'openais cluster membership service B.01.01'
Jul 21 14:11:36.639136 [SERV ] Initialising service handler 'openais availability management framework B.01.01'
Jul 21 14:11:36.639173 [SERV ] Initialising service handler 'openais checkpoint service B.01.01'
Jul 21 14:11:36.639200 [SERV ] Initialising service handler 'openais event service B.01.01'
Jul 21 14:11:36.639233 [SERV ] Initialising service handler 'openais distributed locking service B.01.01'
Jul 21 14:11:36.639257 [SERV ] Initialising service handler 'openais message service B.01.01'
Jul 21 14:11:36.639281 [SERV ] Initialising service handler 'openais configuration service'
Jul 21 14:11:36.639305 [SERV ] Initialising service handler 'openais cluster closed process group service v1.01'
Jul 21 14:11:36.639333 [SYNC ] Not using a virtual synchrony filter.
Jul 21 14:11:36.639369 [MAIN ] AIS Executive Service: started and ready to provide service.
Jul 21 14:11:36.639428 [TOTEM] Creating commit token because I am the rep.
Jul 21 14:11:36.639463 [TOTEM] Saving state aru 0 high seq received 0
Jul 21 14:11:36.639515 [TOTEM] Storing new sequence id for ring 16781007
Jul 21 14:11:36.639550 [TOTEM] entering COMMIT state.
Jul 21 14:11:36.639589 [TOTEM] entering RECOVERY state.
Jul 21 14:11:36.639647 [TOTEM] position [0] member 192.168.2.10:
Jul 21 14:11:36.639669 [TOTEM] previous ring seq 1125934283361995 rep 192.168.2.10
Jul 21 14:11:36.639690 [TOTEM] aru 0 high delivered 0 received flag 0
Jul 21 14:11:36.639710 [TOTEM] Did not need to originate any messages in recovery.
Jul 21 14:11:36.639743 [TOTEM] Sending initial ORF token
Jul 21 14:11:36.639954 [CLM ] CLM CONFIGURATION CHANGE
Jul 21 14:11:36.639986 [CLM ] New Configuration:
Jul 21 14:11:36.640006 [CLM ] Members Left:
Jul 21 14:11:36.640026 [CLM ] Members Joined:
Jul 21 14:11:36.640055 [amf.c:0425] amf_confchg_fn : type = 1,mnum = 0,jnum = 0,lnum = 0
Jul 21 14:11:36.640097 [SYNC ] This node is within the primary component and will provide service.
Jul 21 14:11:36.640125 [CLM ] CLM CONFIGURATION CHANGE
Jul 21 14:11:36.640145 [CLM ] New Configuration:
Jul 21 14:11:36.640189 [CLM ] r(0) ip(192.168.2.10)
Jul 21 14:11:36.640211 [CLM ] Members Left:
Jul 21 14:11:36.640231 [CLM ] Members Joined:
Jul 21 14:11:36.640254 [CLM ] r(0) ip(192.168.2.10)
Jul 21 14:11:36.640276 [amf.c:0425] amf_confchg_fn : type = 0,mnum = 1,jnum = 1,lnum = 0
Jul 21 14:11:36.640300 [SYNC ] This node is within the primary component and will provide service.
Jul 21 14:11:36.641206 [TOTEM] entering OPERATIONAL state.
Jul 21 14:11:36.643042 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643097 [SYNC ] Synchronization actions starting for (openais cluster membership service B.01.01)
Jul 21 14:11:36.643177 [CLM ] got nodejoin message 192.168.2.10
Jul 21 14:11:36.643239 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643261 [SYNC ] Committing synchronization for (openais cluster membership service B.01.01)
Jul 21 14:11:36.643282 [SYNC ] Synchronization actions starting for (openais availability management framework B.01.01)
Jul 21 14:11:36.643306 [amf.c:0348] >amf_sync_init:
Jul 21 14:11:36.643332 [amf.c:0353] >amf_sync_process:
Jul 21 14:11:36.643406 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643428 [amf.c:0364] >amf_sync_activate:
Jul 21 14:11:36.643448 [SYNC ] Committing synchronization for (openais availability management framework B.01.01)
Jul 21 14:11:36.643469 [SYNC ] Synchronization actions starting for (openais checkpoint service B.01.01)
Jul 21 14:11:36.643546 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643568 [SYNC ] Committing synchronization for (openais checkpoint service B.01.01)
Jul 21 14:11:36.643589 [SYNC ] Synchronization actions starting for (openais event service B.01.01)
Jul 21 14:11:36.643765 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643787 [SYNC ] Committing synchronization for (openais event service B.01.01)
Jul 21 14:11:36.643809 [SYNC ] Synchronization actions starting for (openais cluster closed process group service v1.01)
Jul 21 14:11:36.643887 [SYNC ] Synchronization barrier completed
Jul 21 14:11:36.643909 [SYNC ] Committing synchronization for (openais cluster closed process group service v1.01)

Additional info:
Ideally the sysconfig tool would have an option for "RHCS port" like it does for WWW, HTTP and other services. I took a stab at trying to add this, but couldn't get it to work because I don't know how iptables function.

Regards
-steve
You should be able to add an arbitrary port.
The best way to do this is to just use the "other ports" dialog. There are a whole bunch of programs that don't have their own checkbox in the list, and that's sort of on purpose. s-c-securitylevel is supposed to be a fairly simple program that someone can use to turn on and off the most common things. In the future, we need to move towards a system where programs can make requests for firewall holes automatically, so there's not a separate program the user needs to deal with.
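
Added example, not part of the original thread or of openais: a shell helper that reads the totem interface block from an openais.conf-style file and prints a UDP accept rule limited to the cluster subnet, rather than opening 5405/udp to every source. The sample config, the mcastaddr value, the 192.168.2.0/24 peer range and the use of the RH-Firewall-1-INPUT chain are assumptions; the function name totem_rules is hypothetical.

```shell
#!/bin/sh
# Constructed sample config; the thread itself only mentions bindnetaddr
# and UDP port 5405.
SAMPLE_CONF='totem {
    version: 2
    interface {
        ringnumber: 0
        bindnetaddr: 192.168.2.10
        mcastaddr: 226.94.1.1
        mcastport: 5405
    }
}'

# totem_rules CHAIN PEER_CIDR   (config text on stdin)
# Prints one iptables command per interface block and runs nothing itself,
# so the output can be reviewed before it is applied.
totem_rules() {
    awk -v chain="$1" -v peers="$2" '
        /interface[ \t]*[{]/ { inif = 1; port = ""; next }
        inif && /mcastport[ \t]*:/ {
            sub(/.*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); port = $0
        }
        inif && /[}]/ {
            inif = 0
            # Refuse to emit a rule for a missing or malformed port.
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
                print "invalid or missing mcastport" > "/dev/stderr"
                bad = 1; next
            }
            # -I places the rule ahead of the chain final REJECT; -s keeps
            # the hole limited to cluster peers (assumed subnet).
            printf "iptables -I %s -p udp -s %s --dport %s -j ACCEPT\n",
                   chain, peers, port
        }
        END { exit bad }
    '
}

# Print the rule for the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | totem_rules RH-Firewall-1-INPUT 192.168.2.0/24
```

The printed command is only text; review it and confirm the chain name with iptables -L -n before applying it.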