Thanks Simon, Of course we are not sure but we have a strong feeling : - We tried the restore in loop (14) and all worked fine when firewall is disabled.- We tried the restore several times but no more 2? succeed restore at a row when firewall is enabled. We also tried : - - iptables avec nftables en backend - - firewalld avec nftables en backend - - nft avec nftables en backend - but no improvment. We would want to try "iptables with netfilter" this but we have not find how to switch to. Do you think server subpackage of NM is a track to follow? Thanks Thomas Poty Le mercredi 6 mai 2020 ? 18:02:48 UTC+2, Simon Matter <simon.matter at invoca.ch> a ?crit : > Hello,> Here is the context during the problem occurs : > > We have a new machine running on centos 8.From this machine, we restore a > postgresql dump on an other machine runnning on centos 7.After several > hoursof running, restore fails due to a disconnection (no route to > host).But, if we disable the firewall on centos 8, restore succeed. > Before having this new centos 8 machine, we had a centos 7 machine and all > worked fine with firewall activated.Are you really sure it happens because of the firewall? Anything in the logs indicating it happens because firewalld fiddles with something? I gues by firewall you mean firewalld. Usually such situations can come from NetworkManager with its default configuration. If, for some reason, an ethernet device looses link for a short time, NetworkManager is eager to bring down the interface and the result is the nice "no route to host" situation. To prevent NM from "helping" you in this situation, you have to install the server subpackage from NM - or get rid of it :-) Regards, Simon
Hi,> Thanks Simon, > Of course we are not sure but we have a strong feeling : > - We tried the restore in loop (14) and all worked fine when firewall is > disabled.- We tried the restore several times but no more 2? succeed > restore at a row when firewall is enabled. > We also tried : > > - - iptables avec nftables en backend > - - firewalld avec nftables en backend > - - nft avec nftables en backend > - but no improvment. > > > We would want to try "iptables with netfilter" this but we have not find > how to switch to. > Do you think server subpackage of NM is a track to follow?Hi, I suggest to try it at least as it's so easy: yum/dnf install NetworkManager-config-server Regards, Simon
Hi,We have tried : - with and without NetworkManager-config-server- with and without NetworkManagerbut result is still the same :? we get disconnection :-/ We will try with the last kernel. anybody has a track to explore ? Thanks Thomas Poty Le jeudi 7 mai 2020 ? 10:36:33 UTC+2, Simon Matter <simon.matter at invoca.ch> a ?crit : Hi,> Thanks Simon, > Of course we are not sure but we have a strong feeling : > - We tried the restore in loop (14) and all worked fine when firewall is > disabled.- We tried the restore several times but no more 2? succeed > restore at a row when firewall is enabled. > We also tried : > >? ? - - iptables avec nftables en backend >? ? - - firewalld avec nftables en backend >? ? - - nft avec nftables en backend >? ? - but no improvment. > > > We would want to try "iptables with netfilter" this but we have not find > how to switch to. > Do you think server subpackage of NM is a track to follow?Hi, I suggest to try it at least as it's so easy: yum/dnf install NetworkManager-config-server Regards, Simon
I will check with firewall-cmd. Regarding hardware problem I have doubt as we use VMWare (but I keep in a corner of my mind).At this moment, we have compiled kernel and have installed it and have tried 4 restore passed.We need to do more tests and understand why 4 restores passed. Thanks Thomas Poty Le jeudi 28 mai 2020 ? 23:58:22 UTC+2, hw <hw at adminart.net> a ?crit : On Tuesday, May 26, 2020 2:42:13 PM CEST Thomas Poty via CentOS wrote:> Hi,We have tried : > - with and without NetworkManager-config-server- with and without > NetworkManagerbut result is still the same :? we get disconnection :-/ We > will try with the last kernel. > anybody has a track to explore ? > Thanks >Have you enabled logging with firewall-cmd to see if there are packets being dropped while the dump is being restored? Besides that, one of the first things I'd try is changing out the network card, replace the network cable and use a different port on the switch.? Keep in mind that two machines are involved. Even stupid network cables can "switch" between working and non-working for no reason at all like you wouldn't believe ... until you plug them into a PoE switch by mistake after which they suddenly no longer work at all.