Hi @BloopaAgain
Do we have firewalld enabled on HSX? I don't see port 2050 as part of any predefined XML. NFS is using port 2049, which is part of the block zone. 111 is part of the rpcbind service.
Verify if we can telnet to HSX nodes from ESX on port 2049 & 2050.
Regards,
Hello @R Anwar, yes the firewall is enabled; netcat from ESXi to HSX on 2049, 2050 and 111 is KO.
Here is the output:
[root@hsx02 ~]# firewall-cmd --get-default-zone
block
[root@hsx02 ~]# firewall-cmd --get-active-zones
block
 interfaces: bond1
cv_storage_zone
 interfaces: bond2
[root@hsx02 ~]# firewall-cmd --list-all
block (active)
 target: %%REJECT%%
 icmp-block-inversion: no
 interfaces: bond1
 sources:
 services: commvault nfs nfs3 ntp rpc-bind ssh
 ports:
 protocols:
 forward: no
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:
It is definitely an issue with the internal firewall.
From hsx1 to hsx2 I cannot reach ports 2049 and 111.
On hsx2 the ports are listening:
tcp      LISTEN     0        128  0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=1455681,fd=3))
tcp      LISTEN     0        128  [::]:111             [::]:*       users:(("rpcbind",pid=2878,fd=6),("systemd",pid=1,fd=116))
tcp      LISTEN     0        100  *:2049               *:*          users:(("3dnfsd.exe",pid=3483922,fd=3))
Hi @BloopaAgain
Try the following steps and let me know if it helps. Do this only on HSX2.
vi /etc/firewalld/services/hedvig.xml
Add line
<port protocol="tcp" port="111"/>       <!-- rpc-bind -->
Restart firewalld service on hsx2 and see if you can connect on port 111 from hsx1
Regards,
111 is already present,
but nc from hsx1 to hsx2 on port 111 doesn't work,
but nc from hsx1 to hsx2 on port 22 works.
I have a ticket open, I'll let you know.
<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>Hedvig services</short>
 <description></description>
 <port protocol="tcp" port="2181"/>       <!-- Server Event Manager -->
 <port protocol="tcp" port="2224"/>       <!-- PCSD/Pacemaker/Corosync -->
 <port protocol="tcp" port="3000"/>       <!-- Zookeeper -->
 <port protocol="tcp" port="3121"/>       <!-- Pacemaker -->
 <port protocol="tcp" port="4000"/>       <!-- Zookeeper -->
 <port protocol="tcp" port="4321"/>       <!-- NFS Lock server -->
 <port protocol="tcp" port="7000-7006"/>    <!-- Gossip/Thrift -->
 <port protocol="tcp" port="7010"/>       <!-- Gossip/Thrift -->
 <port protocol="tcp" port="7100"/>       <!-- Gossip/Thrift -->
 <port protocol="tcp" port="7500"/>       <!-- Gossip/Thrift -->
 <port protocol="tcp" port="8000"/>       <!-- Gossip/Thrift -->
 <port protocol="tcp" port="8750"/>       <!-- rquotad server -->
 <port protocol="tcp" port="8777-8778"/>    <!-- Gossip/Thrift -->
 <port protocol="tcp" port="8090-8096"/>    <!-- Gossip/Thrift -->
 <port protocol="tcp" port="11001"/>      <!-- Gossip/Thrift -->
 <port protocol="tcp" port="11002"/>      <!-- Gossip/Thrift -->
 <port protocol="tcp" port="11118"/>      <!-- H-Pod CLI -->
 <port protocol="tcp" port="15000"/>      <!-- Gossip/Thrift -->
 <port protocol="tcp" port="21064"/>      <!-- Distributed Lock Manager -->
 <port protocol="tcp" port="50000-50008"/>   <!-- CVM Thrift -->
 <port protocol="tcp" port="50022"/>      <!-- CVM Thrift -->
 <port protocol="udp" port="111"/>       <!-- rpc-bind -->
 <port protocol="udp" port="1024-65535"/>    <!-- rpc-bind -->
</service>
Hi @BloopaAgain
It's because 111 is set up for UDP only in the FW rules. I tested the same and it only worked after I added another line with TCP. I didn't want to remove the UDP one yet.
Regards,
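Added check, not from the thread or from the product: a POSIX shell function that reads a firewalld service XML definition and reports whether a given port is opened for tcp, udp or both, including "low-high" port ranges. SAMPLE_XML is a constructed excerpt modelled on the hedvig.xml above; running it flags the udp-only 111 entry that caused the failure before firewalld is restarted.

```shell
#!/bin/sh
# Constructed excerpt modelled on the thread's hedvig.xml (not the real file).
SAMPLE_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>Hedvig services</short>
 <port protocol="tcp" port="2181"/>       <!-- Server Event Manager -->
 <port protocol="tcp" port="7000-7006"/>  <!-- Gossip/Thrift -->
 <port protocol="udp" port="111"/>        <!-- rpc-bind -->
 <port protocol="udp" port="1024-65535"/> <!-- rpc-bind -->
</service>'

# service_allows XML_TEXT PROTO PORT -> exit 0 if the service opens PORT/PROTO.
# Parses only <port protocol="..." port="..."/> lines; handles single ports
# and "low-high" ranges; trailing XML comments are ignored.
service_allows() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    BEGIN { found = 0 }
    /<port / {
      line = $0
      sub(/<!--.*-->/, "", line)
      if (match(line, /protocol="[^"]*"/)) {
        p = substr(line, RSTART + 10, RLENGTH - 11)   # value between quotes
      } else next
      if (match(line, /port="[^"]*"/)) {
        r = substr(line, RSTART + 6, RLENGTH - 7)
      } else next
      if (p != proto) next
      n = split(r, b, "-")
      lo = b[1] + 0; hi = (n == 2) ? b[2] + 0 : lo
      if (port + 0 >= lo && port + 0 <= hi) found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# udp_only XML_TEXT PORT -> prints the tcp/udp status of PORT and returns 0
# only for the asymmetric case seen in this thread: udp open, tcp missing.
udp_only() {
  ts=MISSING; us=MISSING
  service_allows "$1" tcp "$2" && ts=open
  service_allows "$1" udp "$2" && us=open
  printf 'port %s: tcp=%s udp=%s\n' "$2" "$ts" "$us"
  [ "$us" = open ] && [ "$ts" = MISSING ]
}

udp_only "$SAMPLE_XML" 111
```

Point the function at /etc/firewalld/services/hedvig.xml (via `cat`) on the node to test the live definition; a udp-only verdict for 111 explains why nc over TCP fails while rpcbind is listening.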