Gonzalo Merino wrote:
> Bingo.
>
> [root@ce01 root]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp dpt:2170
> redir ports 2171
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere ce01.pic.es tcp dpt:2170
> to:193.146.196.24:2171
>
> I confess I am an ignorant in firewalling issues... what the hell is
> this? Who put it there? May be an old yaim configuration?
This means the old lcg-bdii was not stopped before the system was upgraded:
it would have removed those rules.
> Anyhow, after flushing this 'nat' table, the bdii is now reachable.
>
> thanks a lot,
> Gonzalo
>
> --
> Gonzalo Merino ([log in to unmask])
> Port d'Informació Científica, PIC
> Edifici-D, Universitat Autònoma de Barcelona
> 08193 Bellaterra (Barcelona) SPAIN
> Tel: +34 93 5813322 / Fax: +34 93 5814110
>
>
> Maarten Litmaath wrote:
>
>> Gonzalo Merino wrote:
>>
>>> Hi Maarten,
>>>
>>> I have tried to add the line you mention to hosts.allow, but nothing
>>> has changed (tried to restart network, xinetd, bdii... nothing)
>>>
>>> This is strange. We are running another CE called ifaece01.pic.es,
>>> and there the bdii just works after the upgrade, and there is nothing
>>> in hosts.allow...
>>>
>>> any other clues?
>>
>>
>>
>> What does this command report:
>>
>> iptables -L -t nat
>>
>> Did you try rebooting the machine?
>>
>>> --
>>> Gonzalo Merino ([log in to unmask])
>>> Port d'Informació Científica, PIC
>>> Edifici-D, Universitat Autònoma de Barcelona
>>> 08193 Bellaterra (Barcelona) SPAIN
>>> Tel: +34 93 5813322 / Fax: +34 93 5814110
>>>
>>>
>>> Maarten Litmaath wrote:
>>>
>>>> Carlos Borrego Iglesias wrote:
>>>>
>>>>> Hello all,
>>>>> I've just updated our CE to 2.6.0. Everything went fine. The only
>>>>> problem is that the service bdii doesn't seem to work. Let me
>>>>> explain myself:
>>>>>
>>>>> If I type:
>>>>> [root@ce01 root]# /etc/rc.d/init.d/bdii status
>>>>>
>>>>> I get:
>>>>>
>>>>> bdii OK
>>>>>
>>>>> but:
>>>>>
>>>>> [[log in to unmask]]#ldapsearch -x -H ldap://ce01.pic.es:2170 -b
>>>>> mds-vo-name=pic,o=grid
>>>>> ldap_bind: Can't contact LDAP server
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Add the following line to /etc/hosts.allow:
>>>>
>>>> slapd: 127.0.0.1
>>>>
>>>>> In the /opt/bdii/var/bdii.log file I just get:
>>>>>
>>>>> Updating DB on port 2171
>>>>> Waiting 30 s for query results.
>>>>>
>>>>> Time for searches: 0 s
>>>>> Time to sort: 0 s
>>>>> Time to update DB: 1 s
>>>>> Grabbing port 2170 for 2171
>>>>> Tue Aug 2 15:52:50 CEST 2005
>>>>> Sleeping for 60
>>>>>
>>>>> There's the slapd process running for the 2171 port:
>>>>> edguser 23726 1 0 15:56 ? 00:00:00 /usr/sbin/slapd -f
>>>>> /opt/bdii//var/2171/bdii-slapd.conf -h ldap://localhost:2171 -u
>>>>> edguser
>>>>>
>>>>> No firewall rules..
>>>>> [root@ce01 root]# iptables -L
>>>>> Chain INPUT (policy ACCEPT)
>>>>> target prot opt source destination
>>>>>
>>>>> Chain FORWARD (policy ACCEPT)
>>>>> target prot opt source destination
>>>>>
>>>>> Chain OUTPUT (policy ACCEPT)
>>>>> target prot opt source destination
>>>>>
>>>>>
>>>>> any ideas?
>>>>> Thanks
>>>>> Carlos
>>>>>
>>>>>
>>>>> ==========================================================================
>>>>>
>>>>> Carlos Borrego Iglesias PIC (Port d'Informació
>>>>> Científica)
>>>>> tel: +34 93 581 3308 Campus UAB - Edifici D
>>>>> e-mail: [log in to unmask] E-08193 Bellaterra
>>>>> ==========================================================================
>>>>>
|