Assuming your nodes are 192.168.0.10 and 192.168.0.11, then issue the following commands on both nodes:
firewall-cmd --new-zone=haast --permanent
firewall-cmd --reload
firewall-cmd --zone=haast --permanent --add-source=192.168.0.10/32
firewall-cmd --zone=haast --permanent --add-source=192.168.0.11/32
firewall-cmd --zone=haast --permanent --add-port=3001/tcp
firewall-cmd --zone=haast --permanent --add-port=3002/tcp
firewall-cmd --zone=haast --permanent --add-port=873/tcp
firewall-cmd --zone=haast --permanent --add-port=3306/tcp
If you want to know exactly what the above does, here is a line-by-line description:
- Create a new firewall zone called “haast” and make it permanent (survive the next reboot)
- Add the local IP address as a trusted source in zone haast
- Add the remote IP address as a trusted source in zone haast
- Add the port 3001 (HAAst telnet interface) as accessible from the trusted sources
- Add the port 3002 (HAAst peerlink interface) as accessible from the trusted sources
- Add the port 873 (sync) as accessible from the trusted sources
- Add the port 3306 (sync) as accessible from the trusted sources
Other users reading this post must consider their network topology and adjust the above to fit their needs. For example, if you are setting up a firewall BETWEEN nodes, or IN FRONT of nodes, or ON the nodes.
As well, if you use our subscription service you must ensure TCP port 443 (outbound) is open from each node.
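A check for the zone described above, as an added example that is not part of the original post: it reads `firewall-cmd --list-all` output for the zone and reports any expected source or port that is absent. The function names (`zone_field`, `missing_items`, `check_haast_zone`) are hypothetical, and the sample listing is constructed for illustration with port 3306 left out.

```shell
#!/bin/sh
# Expected zone contents, taken from the commands in the post.
EXPECTED_SOURCES="192.168.0.10/32 192.168.0.11/32"
EXPECTED_PORTS="3001/tcp 3002/tcp 873/tcp 3306/tcp"

# Constructed sample of `firewall-cmd --zone=haast --list-all` output
# (not captured from a real node); 3306/tcp is deliberately missing.
SAMPLE_LISTING='haast (active)
  target: default
  interfaces: 
  sources: 192.168.0.10/32 192.168.0.11/32
  services: 
  ports: 3001/tcp 3002/tcp 873/tcp
  forward-ports: 
'

# zone_field FIELD: read a zone listing on stdin and print the values of
# one field. The anchor keeps "ports" from matching "forward-ports".
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# missing_items "WANTED" "PRESENT": print each wanted item that is absent.
missing_items() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# check_haast_zone: read a zone listing on stdin, print what is missing,
# and return 0 only if every expected source and port is present.
check_haast_zone() {
    listing=$(cat)
    sources=$(printf '%s\n' "$listing" | zone_field sources)
    ports=$(printf '%s\n' "$listing" | zone_field ports)
    missing=$(missing_items "$EXPECTED_SOURCES" "$sources"
              missing_items "$EXPECTED_PORTS" "$ports")
    [ -z "$missing" ] && return 0
    printf 'missing from zone: %s\n' $missing
    return 1
}

# Demonstration on the constructed sample; reports the missing port.
printf '%s' "$SAMPLE_LISTING" | check_haast_zone || true
```

On a node, pipe `firewall-cmd --zone=haast --list-all` into `check_haast_zone` for the running firewall, or add `--permanent` to check the saved configuration. Rules added with `--permanent` appear in the running listing only after `firewall-cmd --reload`.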