Customer Inquiry

    Although my cluster nodes are protected by our perimeter firewall, I would like to use FirewallD on the cluster nodes. However, doing so prevents communications between peers. How do I tell FirewallD to allow traffic between nodes (and from itself for testing)?

Telium Support Group

    Assuming your nodes are 192.168.0.10 and 192.168.0.11, then issue the following commands on both nodes:


    # Create the zone and reload so that it exists at runtime before it is referenced
    firewall-cmd --new-zone=haast --permanent
    firewall-cmd --reload
    # Only the two peers are matched into this zone
    firewall-cmd --zone=haast --permanent --add-source=192.168.0.10/32
    firewall-cmd --zone=haast --permanent --add-source=192.168.0.11/32
    # Ports the peers may reach; traffic from any other host stays governed by the default zone
    firewall-cmd --zone=haast --permanent --add-port=3001/tcp
    firewall-cmd --zone=haast --permanent --add-port=3002/tcp
    firewall-cmd --zone=haast --permanent --add-port=873/tcp
    firewall-cmd --zone=haast --permanent --add-port=3306/tcp
    # --permanent only writes the saved configuration; reload to apply the new rules now
    firewall-cmd --reload

    If you want to know exactly what the above does, here is a line-by-line description:

    1. Create a new firewall zone called “haast” and make it permanent (survive the next reboot)
    2. Add the local IP address as a trusted source in zone haast
    3. Add the remote IP address as a trusted source in zone haast
    4. Add the port 3001 (HAAst telnet interface) as accessible from the trusted sources
    5. Add the port 3002 (HAAst peerlink interface) as accessible from the trusted sources
    6. Add the port 873 (sync) as accessible from the trusted sources
    7. Add the port 3306 (sync) as accessible from the trusted sources

    Other users reading this post must consider their network topology and adjust the above to fit their needs. For example, if you are setting up a firewall BETWEEN nodes, or IN FRONT of nodes, or ON the nodes.

    As well, if you use our subscription service you must ensure TCP port 443 (outbound) is open from each node.
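The following POSIX shell script is an added example, not part of the post above and not Telium's own tooling. It generates the same firewall-cmd sequence from a list of peers and ports, and checks a captured `firewall-cmd --zone=haast --list-all` listing so that the zone contains exactly the expected sources and ports and nothing else. The zone name, peer addresses and ports are those from the post; the `--apply`/`--verify` switches and the sample listing are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not Telium's script): build and verify a peer-only firewalld zone.
# Zone name, peer addresses and ports are the ones from the post above; the sample
# --list-all output further down is constructed, not captured from a real node.

ZONE=haast
PEERS="192.168.0.10 192.168.0.11"
PORTS="3001/tcp 3002/tcp 873/tcp 3306/tcp"

# Print the firewall-cmd sequence. The zone is created and reloaded first so that
# --zone=$ZONE is known at runtime; the closing reload applies the sources and ports,
# because --permanent alone only edits the saved configuration.
gen_cmds() {
    echo "firewall-cmd --permanent --new-zone=$ZONE"
    echo "firewall-cmd --reload"
    for peer in $PEERS; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-source=$peer/32"
    done
    for port in $PORTS; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-port=$port"
    done
    echo "firewall-cmd --reload"
}

# Number of whitespace-separated words in $1 (0 for an empty string).
count_words() { set -- $1; echo $#; }

# Read a 'firewall-cmd --zone=$ZONE --list-all' listing on stdin and check that the
# zone holds exactly the expected sources and ports: every peer and port present,
# no extra sources or ports, and no services (each would widen what peers can reach).
verify_zone() {
    listing=$(cat)
    srcs=$(printf '%s\n' "$listing" | sed -n 's/^ *sources: *//p')
    ports=$(printf '%s\n' "$listing" | sed -n 's/^ *ports: *//p')
    svcs=$(printf '%s\n' "$listing" | sed -n 's/^ *services: *//p')
    for peer in $PEERS; do
        case " $srcs " in
            *" $peer/32 "*|*" $peer "*) ;;
            *) echo "missing source $peer"; return 1 ;;
        esac
    done
    for port in $PORTS; do
        case " $ports " in
            *" $port "*) ;;
            *) echo "missing port $port"; return 1 ;;
        esac
    done
    [ "$(count_words "$srcs")" -eq "$(count_words "$PEERS")" ] || { echo "unexpected extra source in: $srcs"; return 1; }
    [ "$(count_words "$ports")" -eq "$(count_words "$PORTS")" ] || { echo "unexpected extra port in: $ports"; return 1; }
    [ -z "$svcs" ] || { echo "unexpected services: $svcs"; return 1; }
    echo "zone $ZONE OK"
}

# Constructed sample of a correctly configured zone, in --list-all's layout.
GOOD_LISTING='haast (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 192.168.0.10/32 192.168.0.11/32
  services:
  ports: 3001/tcp 3002/tcp 873/tcp 3306/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Usage:  sh zone.sh            print the commands for review
#         sh zone.sh --apply    run them (as root, on each node)
#         firewall-cmd --zone=haast --list-all | sh zone.sh --verify
case "${1:-}" in
    --apply)  gen_cmds | sh ;;
    --verify) verify_zone ;;
    *)        gen_cmds ;;
esac
```

The check matters because a source-bound zone only classifies packets whose source address is one of the listed peers; everything else keeps being handled by the interface's default zone, so the four ports are never opened to other hosts unless an extra source, a service or an `ACCEPT` target creeps into the zone. The final reload is also not optional: `--permanent` writes only the saved configuration, and the runtime rules do not change until firewalld is reloaded.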
