The GAB program reports incorrect membership results with existing iptable rules

With an LLT over UDP or LLT over RDMA configuration, when you start a cluster, GAB may not show membership details even though LLT links are set up correctly. It could be because some iptable rules filter out LLT packets.

Resolution: Add iptable rules to unblock LLT packets:

# iptables -I INPUT -i interface-name -p udp --dport UDP_portnumber_LLT -j ACCEPT

# iptables -I INPUT -i interface-name -p udp --sport UDP_portnumber_LLT -j ACCEPT

For example, if the interfaces eth2 and eth3 are configured under LLT with port numbers 50000 and 50001 respectively, the commands are:

# iptables -I INPUT -i eth2 -p udp --dport 50000 -j ACCEPT

# iptables -I INPUT -i eth2 -p udp --sport 50000 -j ACCEPT

# iptables -I INPUT -i eth3 -p udp --dport 50001 -j ACCEPT

# iptables -I INPUT -i eth3 -p udp --sport 50001 -j ACCEPT

Append these rules to the /etc/sysconfig/iptables file to make these changes persistent:

-A INPUT -p udp --dport UDP_portnumber1_LLT -j ACCEPT
-A INPUT -p udp --sport UDP_portnumber1_LLT -j ACCEPT

-A INPUT -p udp --dport UDP_portnumber2_LLT -j ACCEPT
-A INPUT -p udp --sport UDP_portnumber2_LLT -j ACCEPT
For example, 
-A INPUT -p udp --dport 50001 -j ACCEPT
-A INPUT -p udp --sport 50001 -j ACCEPT

-A INPUT -p udp --dport 50002 -j ACCEPT
-A INPUT -p udp --sport 50002 -j ACCEPT