Unsolved
This post is more than 5 years old
1 Message
0
887
August 29th, 2013 11:00
Pre-Upgrade Health Check Error
Getting ready to upgrade from 6.0.40.5 to 6.0.70.4 and I get an error stating "At least one iptables rule is missing" and that I need to run "spa_spb_comm -setup" to fix the problem. When I try to run that in Command I get an error saying spa_spb-comm is not a valid command.
.....to top it off, when I go into Unisphere, I am all green, all hardware looks good. SPA and SPB both have good IP's that I can reach both with ICMP as well as NaviSphere.
I am a rookie with the EMC's so I was hoping one of you could help me out...Google is cluless.
No Events found!
christopher_ime
2K Posts
0
August 31st, 2013 19:00
Two comments related to that command:
1) You need to run it as root
a) Login as nasadmin
b) su -
2) You will want to run it with the absolute path of:
/nas/sbin/spa_spb_comm -setup
There is also more information in the following KB article:
emc267881: "nas_checkup: Symptom: At least one iptables rule is missing"
https://support.emc.com/kb/76794
kjstech
2 Intern
•
361 Posts
0
April 15th, 2015 10:00
We use Digital Defense (DDI) to do quarterly vulnerability scans, and their recommendation is to remove these IP tables rules. So after removing these, it remediates the scan, storage array still works without any issues, but now nas checkup every week complains about this. So I re-ran this command to compare the iptables file before and after.
This adds the following to iptables:
-A POSTROUTING -s 128.221.252.200 -d 128.221.253.201 -p tcp -j SNAT --to-source 128.221.252.200
-A POSTROUTING -s 128.221.253.201 -d 128.221.252.200 -p tcp -j SNAT --to-source 128.221.253.201
-A POSTROUTING -s 128.221.252.200 -d 128.221.253.201 -p udp -j SNAT --to-source 128.221.252.200
-A POSTROUTING -s 128.221.253.201 -d 128.221.252.200 -p udp -j SNAT --to-source 128.221.253.201