<div dir="ltr"><p class="" style="font-family: arial; font-size: small; line-height: normal;">I'm having some issues with clustering and a firewall.  During setup of the cluster over tcp, epmd opens a bunch of ephemeral ports > 30000 that vanish after the clustering is set up.  If my iptables rules DROP by default, these hang up on the tcp handshake.</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">I can't find any reference for ports like this being used. My inet_dist_listen_min/max work (when I turn off the firewall, the correct port is being used) but they have no effect on these random ports.</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Some output:</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">[vagrant@queue1 ~]$ sudo iptables --list --verbose -n</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Chain INPUT (policy DROP 61566 packets, 3702K bytes)</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"> pkts bytes target     prot opt in     out     source               destination</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:9100:9105</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:25672:25682</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25672</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0      
     tcp dpt:4369</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">   85  4616 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">95330   16M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:15672</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5673</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5672</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">    0     0 ACCEPT     all  --  *      *       192.168.50.3         0.0.0.0/0</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">And for my netstat:</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">[vagrant@queue1 ~]$ sudo netstat</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Active 
Internet connections (w/o servers)</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Proto Recv-Q Send-Q Local Address               Foreign Address             State</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 192.168.50.3:15672          192.168.50.1:56986          ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 192.168.50.3:15672          192.168.50.1:56983          ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 192.168.50.3:15672          192.168.50.1:56982          ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      1 192.168.50.3:48424          queue0.zombiehorde.loc:epmd SYN_SENT</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 192.168.50.3:15672          192.168.50.1:56342          ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 queue1.zombiehorde.loc:epmd queue1.zombiehorde.lo:42469 ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 10.0.2.15:ssh               10.0.2.2:53317              ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 192.168.50.3:15672          192.168.50.1:56985          ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      0 queue1.zombiehorde.lo:42469 queue1.zombiehorde.loc:epmd ESTABLISHED</p><p class="" style="font-family: arial; font-size: small; line-height: normal;">tcp        0      1 192.168.50.3:53772          queue0.zombiehorde.loc:epmd SYN_SENT</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" 
style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Note - the SYN_SENT (right when I restart the service, there are a bunch more of these.  I assume epmd throttles down the connection attempts after a number of failed attempts)</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">Best regards,</p><p class="" style="font-family: arial; font-size: small; line-height: normal;"><br></p><p class="" style="font-family: arial; font-size: small; line-height: normal;">James</p></div>
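<p>Added example, not part of the original post: a shell check that reads the two outputs above and reports outbound connections stuck in SYN_SENT together with whether the INPUT chain has any rule accepting packets of established connections. The sample text is constructed from lines in the post; the function names and the verdict strings are assumptions made for this illustration.</p>

```shell
#!/usr/bin/env bash
# Constructed sample input: a subset of the netstat and iptables lines in the post.
NETSTAT_SAMPLE='tcp        0      0 192.168.50.3:15672          192.168.50.1:56986          ESTABLISHED
tcp        0      1 192.168.50.3:48424          queue0.zombiehorde.loc:epmd SYN_SENT
tcp        0      0 queue1.zombiehorde.loc:epmd queue1.zombiehorde.lo:42469 ESTABLISHED
tcp        0      1 192.168.50.3:53772          queue0.zombiehorde.loc:epmd SYN_SENT'

IPTABLES_SAMPLE='Chain INPUT (policy DROP 61566 packets, 3702K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:25672:25682
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4369
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       192.168.50.3         0.0.0.0/0'

# Print "local_port -> remote" for each half-open outbound connection.
# A SYN_SENT row is a client socket: column 4 is this host's source
# address and port, column 5 is the service being dialled.
pending_outbound() {
  awk '$1 == "tcp" && $6 == "SYN_SENT" {
         n = split($4, l, ":"); print l[n] " -> " $5 }'
}

# Exit 0 if the INPUT chain has an ACCEPT rule matching ESTABLISHED state
# (written "state RELATED,ESTABLISHED" or "ctstate ..." in iptables -L output).
input_accepts_replies() {
  awk '/^Chain / { in_input = ($2 == "INPUT") }
       in_input && $3 == "ACCEPT" && /ESTABLISHED/ { found = 1 }
       END { exit (found ? 0 : 1) }'
}

# Combine both checks. $1 = netstat text, $2 = iptables listing.
diagnose() {
  pending=$(printf '%s\n' "$1" | pending_outbound | awk 'END { print NR }')
  if [ "$pending" -gt 0 ] && ! printf '%s\n' "$2" | input_accepts_replies; then
    # Return packets to the local source ports match no ACCEPT rule.
    echo "no-reply-rule:$pending"
  else
    echo "ok"
  fi
}

diagnose "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE"
```

<p>On a live host the same functions can be fed from <code>netstat -tn</code> and <code>iptables --list --verbose -n</code> instead of the embedded samples.</p>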