Description of problem:
iptable entries added to gluster hosts when added to a rhsc cluster do not contain:

udp 123
tcp 6010
tcp 6011
tcp 6012
tcp 443

reference https://access.redhat.com/site/documentation/en-US/Red_Hat_Storage/2.1/html-single/Installation_Guide/index.html#chap-Installation_Guide-Planning-Port

Version-Release number of selected component (if applicable):
rhsc-cb10

How reproducible:
100%

Steps to Reproduce:
1. create a cluster in rhsc
2. add a rhs host to the cluster
3. once host is up, ssh into the rhs host and run `service iptables status`

Actual results:
Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
3    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:54321
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:22
5    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:161
6    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:24007
7    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:8080
8    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:111
9    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:38465
10   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:38466
11   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:111
12   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:38467
13   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:2049
14   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:38469
15   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:39543
16   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:55863
17   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:38468
18   ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  udp dpt:963
19   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:965
20   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:4379
21   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:139
22   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:445
23   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpts:24009:24108
24   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpts:49152:49251
25   REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited

Expected results:
rules should also include entries for

udp 123
tcp 6010
tcp 6011
tcp 6012
tcp 443

Additional info:

All the above ports are required for SWIFT configuration, and currently RHSC does not support SWIFT, hence it's not required to have them in the iptable rules. Hence moving this bug to CLOSED state as NOTABUG.
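
The comparison made in the report (expected ports against the `service iptables status` listing) can be scripted. This is an added example, not part of the bug report or of RHSC; the function names are hypothetical, and the sample listing is an excerpt of the output above plus one constructed rule (26) placed after the REJECT to show that it is not counted.

```shell
#!/bin/sh
# Sample input: rules 1, 2, 4, 23 and 25 from the report; rule 26 is constructed.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:22
23   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpts:24009:24108
25   REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
26   ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:443
EOF
}

# missing_ports proto:port ...
# Reads a numbered iptables listing on stdin and prints each wanted
# proto:port that no INPUT-chain ACCEPT rule covers.
# Simplifications (assumptions of this example):
#  - scanning stops at the first REJECT/DROP, so later ACCEPTs are ignored;
#  - "ACCEPT all" rules without a port match (rule 2) are not treated as
#    opening ports: this listing format has no interface column, so such a
#    rule may be limited to one interface (commonly loopback).
missing_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        /^Chain/ { in_input = ($2 == "INPUT"); next }
        !in_input || stop { next }
        $2 == "REJECT" || $2 == "DROP" { stop = 1; next }
        $2 == "ACCEPT" {
            # Fields 7+ hold the match text, e.g. "dpt:22" or "dpts:24009:24108".
            for (i = 7; i <= NF; i++) {
                k = split($i, m, ":")
                if (m[1] != "dpt" && m[1] != "dpts") continue
                lo = m[2] + 0
                hi = (k == 3 ? m[3] : m[2]) + 0
                for (j = 1; j <= n; j++) {
                    split(w[j], p, ":")
                    if (p[1] == $3 && p[2] + 0 >= lo && p[2] + 0 <= hi) ok[j] = 1
                }
            }
        }
        END { for (j = 1; j <= n; j++) if (!(j in ok)) print w[j] }
    '
}

# Ports listed under "Expected results", checked against the sample.
sample_listing | missing_ports udp:123 tcp:6010 tcp:6011 tcp:6012 tcp:443
```

On a host, pipe the live listing in instead: `service iptables status | missing_ports udp:123 tcp:443`.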