URL:
Reporter RHNID:
Section: -
Language: en-US (English)
Workaround:

Description: While working on "Guided Exercise: Resolving iSCSI Issues" (Chapter 5 - SG 162-165), I started by checking the firewall settings on workstation. I typically start by running "firewall-cmd --get-active-zones". I found that traffic from eth1 goes to the external zone and traffic from eth0 goes to the trusted zone. Further investigation revealed that eth0 filters to trusted based on the ZONE=trusted line in /etc/sysconfig/network-scripts/ifcfg-eth0 on workstation. I mention this because I noticed that the setup script opened 3260/tcp in the public (default) zone, but this step isn't really necessary since the public (default) zone isn't actually active. All traffic from servera gets filtered to the trusted zone. So having the setup script add the firewall rule doesn't hurt, but it doesn't effectively make a difference with the lab either. I wouldn't be surprised if this happens with some of the additional setup scripts. I also mention this because I was a little puzzled when I ran "firewall-cmd --permanent --zone=trusted --remove-interface=eth0; firewall-cmd --reload". The commands seemed to work, but eth0 was still being filtered to the trusted zone. That's when I looked at ifcfg-eth0. This behavior could get incorporated into a future troubleshooting lab.