Adam Padee wrote:
> Hi all,
>
> I'm trying to configure site BDII together with my CE using YAIM. The
> machine has two network interfaces,
> eth0 with local address 172.16.1.18 and
> eth1 with public address 212.87.13.18
>
> after the configuration slapd listens on ports 2171, 2172, 2173 and
> binds automatically ONLY to eth0. Service lcg-bdii tries to set up port
> forwarding rules in iptables, which most probably are meant to map port
> 2170 to 2173:
> [root@ce root]# iptables --t nat --list
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp dpt:2170
> redir ports 2173
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere ce.polgrid.pl tcp dpt:2170
> to:212.87.13.18:2173
> [root@ce root]#
>
> This of course does not work, because slapd is listening only on eth0. I
> tried to change this, but it is probably hard-coded in slapd:
> [root@ce root]# grep -r eth0 /opt/lcg/bdii/*
> [root@ce root]#
No. The slapd listens on an IP address/hostname, not on an interface.
So, it means you configured the BDII to listen on the local address,
which is wrong.
> When I try to set up forwarding by myself, lcg-bdii is resetting the
> rules to its own "correct" configuration after some time.
> Could someone please explain to me why it has to be so complicated,
> instead of adding 2170 to the WRITE ports in
> /opt/lcg/bdii/var/lcg-bdii.conf ?
You may want to consider upgrading to the LCG-2_5_0 CE, whose BDII
no longer messes with iptables at all.
> The second thing is mds-vo-name in contact string. I don't understand
> why it's setting
> BDII_BIND=mds-vo-name=local,o=grid
> although my SITE_NAME in site-info.def is set to WARSAW-EGEE, not to
> "local".
You probably configured your CE to be a (top-level) BDII at the same time:
that does not work.
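
The mismatch discussed in this thread (NAT rules that send port 2170 to 212.87.13.18:2173 while slapd is bound only to 172.16.1.18) can be checked mechanically. The following is an added example, not part of the original messages or of the BDII scripts; the `netstat -ltn` sample is constructed from the addresses and ports quoted above, and the function names are hypothetical.

```python
# Constructed sample of `netstat -ltn` output for the situation in the thread:
# slapd bound to the private address only, sshd bound to the wildcard address.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 172.16.1.18:2171        0.0.0.0:*               LISTEN
tcp        0      0 172.16.1.18:2172        0.0.0.0:*               LISTEN
tcp        0      0 172.16.1.18:2173        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

WILDCARD = "0.0.0.0"  # a socket bound here accepts on every local IPv4 address


def listeners(netstat_text):
    """Return the set of (address, port) pairs in LISTEN state (IPv4 TCP only)."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp" and fields[5] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            found.add((addr, int(port)))
    return found


def unreachable_targets(nat_targets, netstat_text):
    """Return the NAT targets (address, port) that no listening socket serves.

    A target is served if a socket listens on exactly that address and port,
    or on the wildcard address with that port.
    """
    listening = listeners(netstat_text)
    return [
        (addr, port)
        for addr, port in nat_targets
        if (addr, port) not in listening and (WILDCARD, port) not in listening
    ]


if __name__ == "__main__":
    # Target of the DNAT rule in the OUTPUT chain quoted in the thread.
    for addr, port in unreachable_targets([("212.87.13.18", 2173)], NETSTAT_SAMPLE):
        print(f"nothing listens on {addr}:{port}; the NAT rule leads to a closed port")
```
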