[CentOS] Regd: Iptables SNAT issue in Cluster Suite Setup

Thu Dec 27 14:20:52 UTC 2007
Balaji <balajisundar at midascomm.com>

Dear All,
   I have solved the iptables SNAT issue in the Cluster Suite setup.
   The solution for the following iptables SNAT issue was to remove the source port "161" from the iptables SNAT rule.
   The rule added before was "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83:161" and
   the rule added currently is "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83".

  The above iptables SNAT rule is working fine.

Regards
-S.Balaji

Balaji wrote:

> Dear All,
>
> I have configured Cluster Suite with 2 servers
>   Server 1 : 192.168.13.110 IP Address
>   Server 2 : 192.168.13.179 IP Address
>   Floating : 192.168.13.83 IP Address (Assumed by currently active 
> server)
>
> I want all SNMP packets going out through the active server to be 
> stamped with the floating IP,
> so I have added iptables rules as
>   "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83:161
>     iptables -t nat -A POSTROUTING -p udp -s 192.168.13.110 --dport 161 -j SNAT --to-source 192.168.13.83:161"
>
> I have written a script to continuously poll an agent using snmpgetnext.
> This script works for some time and then snmpgetnext fails giving the 
> following message
>   "Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:10:20 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:10:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:10:21 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:10:21 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:10:21 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:10:21 IST 2007
>
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:13:20 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:13:20 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:13:21 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:13:21 IST 2007
>     snmpgetnext: Failure in sendto (Operation not permitted)
>     Fri Dec 21 19:13:21 IST 2007
>     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""
>     Fri Dec 21 19:13:21 IST 2007 SNMPv2-SMI::enterprises.3769.1.2.3.1.0 = ""   "
>
> If I remove the above iptables rule it works continuously, and if I 
> restart iptables (with the rule) then it works for some time
> before the same problem repeats.
>
> Can someone throw light on this particular problem?
>
> Regards
> S.Balaji
>
> P.S.: The same thing happens with a rule for rsync, ssh and telnet,
>      i.e. they work some of the time and sometimes do not,
>      e.g. the rsync, ssh and telnet iptables SNAT rules
>            "iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 873 -j SNAT --to-source 192.168.13.83:873
>              iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 22 -j SNAT --to-source 192.168.13.83:22
>              iptables -t nat -A POSTROUTING -p tcp -s 192.168.13.179 --dport 23 -j SNAT --to-source 192.168.13.83:23"
>              rsync Success message is
>               "receiving file list ... done
>                 Log/
>                 Log/20070619.dbg.zip
>                 Log/20070619.log.zip
>                 Log/20070620.dbg.zip
>                 Log/20070620.log.zip
>                 Log/20070621.dbg.zip
>                 Log/20070621.log.zip
>                 sent 190 bytes  received 211940 bytes  84852.00 bytes/sec
>                 total size is 211421  speedup is 1.00"
>               rsync Failure message is
>              "rsync: failed to connect to 192.168.13.100: Connection timed out (110)
>                rsync error: error in socket IO (code 10) at clientserver.c(94) "
>              ssh Failure Message is
>              "ssh: connect to host 192.168.13.100 port 22: Connection timed out"
>              telnet Failure Message is
>              "telnet: connect to address 192.168.13.100: Connection timed out"
>
>
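An added illustration, not part of the original thread and not kernel code: a simplified model of why pinning the translated source port with `--to-source 192.168.13.83:161` leaves the NAT with a single usable tuple per destination, while `--to-source 192.168.13.83` lets it keep or remap the client's own port. The agent address, the 30-second entry lifetime and the names `SnatTable` and `poll` are assumptions made for the model, and it does not attempt to reproduce the exact timing in the log above.

```python
# Simplified model of SNAT source-port selection (illustration, not kernel code).
from itertools import chain

AGENT = "192.0.2.10"   # constructed SNMP agent address, not from the thread

class SnatTable:
    """Every translated flow needs a unique (proto, nat_ip, nat_port, dst, dport)."""

    def __init__(self, nat_ip, pinned_port=None, timeout=30):
        self.nat_ip = nat_ip
        self.pinned_port = pinned_port  # models --to-source IP:PORT when set
        self.timeout = timeout          # assumed lifetime of a tracked flow, seconds
        self.flows = {}                 # translated tuple -> (original source, expiry)

    def send(self, now, proto, src, sport, dst, dport):
        """Return the translated source port, or None when the packet is dropped."""
        self.flows = {k: v for k, v in self.flows.items() if v[1] > now}
        if self.pinned_port is not None:
            candidates = [self.pinned_port]              # one port, no alternative
        else:
            candidates = chain([sport], range(1024, 65536))  # keep port, else remap
        for port in candidates:
            key = (proto, self.nat_ip, port, dst, dport)
            owner = self.flows.get(key)
            if owner is None or owner[0] == (src, sport):
                self.flows[key] = ((src, sport), now + self.timeout)
                return port
        return None  # no unique tuple available: the packet cannot be translated

def poll(table, count, first_port=40000):
    """One poll per second, each from a fresh ephemeral port (a new flow every time)."""
    return [table.send(t, "udp", "192.168.13.179", first_port + t, AGENT, 161)
            for t in range(count)]

if __name__ == "__main__":
    pinned = poll(SnatTable("192.168.13.83", pinned_port=161), 32)
    free = poll(SnatTable("192.168.13.83"), 32)
    print("pinned :", ["ok" if p else "drop" for p in pinned])
    print("free   :", ["ok" if p else "drop" for p in free])
```

In the model, a dropped packet is what a local sender would see as a failed `sendto`, and the pinned rule recovers only once the entry holding the single tuple has expired.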