Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
0.12.3
-
None
-
The firewall looks (something) like this:
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -Z- all local connections are OK
iptables -A INPUT --destination 127.0.0.1 --in-interface lo -j ACCEPT
iptables -A OUTPUT --destination 127.0.0.1 --out-interface lo -j ACCEPT
- accept all traffic that originates internally
iptables -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT
- <snip: open some ports>
- default target is drop for all unspecified packets
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
The firewall looks (something) like this: iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -Z all local connections are OK iptables -A INPUT --destination 127.0.0.1 --in-interface lo -j ACCEPT iptables -A OUTPUT --destination 127.0.0.1 --out-interface lo -j ACCEPT accept all traffic that originates internally iptables -A INPUT --match state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT --match state --state RELATED,ESTABLISHED -j ACCEPT <snip: open some ports> default target is drop for all unspecified packets iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP - all local connections are OK
Description
Connecting to the TaskTracker with the default configuration fails with the firewall settings as mentioned in the Environment. This means the job seems to start, but then will hang with all tasks at 0%
Also, setting mapred.tasktracker.dns.interface to 'lo' has no effect. I would expect this bound the TaskTracker in such way that local connections would be made.
To make it work, I have to explicitly poke a hole in the firewall:
- hadoop
iptables -A INPUT --protocol tcp --destination-port 50050 -j ACCEPT
iptables -A OUTPUT --protocol tcp --destination-port 50050 -j ACCEPT
While in practise a Hadoop will often run on a cluster (so the firewall has to be opened anyway), I don't think this should be the default behaviour, because it is highly confusing.
Attachments
Issue Links
- relates to
-
HADOOP-1202 Jobtracker & Namenode can only bind to one interface
- Open