Bug 204724 - iptables rules for cluster suite
Status: CLOSED CURRENTRELEASE
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: doc
Version: 4
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Paul Kennedy
QA Contact: Cluster QE
Keywords: Documentation
Blocks: 429367

Reported: 2006-08-31 04:27 EDT by Matthew Booth
Modified: 2015-04-19 20:47 EDT
Fixed In Version: 4.5
Doc Type: Bug Fix
Last Closed: 2008-01-16 17:11:19 EST

Attachments
New content for enabling IP ports for use with Red Hat Cluster (40.25 KB, text/pdf)
2007-08-29 15:32 EDT, Paul Kennedy

Description Matthew Booth 2006-08-31 04:27:25 EDT
The following iptables rules allow cluster suite to work:

# rgmanager
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24 -d 1.1.1.0/24 --dports 41966,41967,41968,41969 -j ACCEPT
# ccsd
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24 -d 1.1.1.0/24 --dports 50006,50008,50009 -j ACCEPT
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p udp -s 1.1.1.0/24 -d 1.1.1.0/24 --dports 50007 -j ACCEPT
# dlm
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24 -d 1.1.1.0/24 --dports 21064 -j ACCEPT
# cman
-A INPUT -i <cluster if> -m state --state NEW -p udp -s 1.1.1.0/24 -d 1.1.1.0/24 --dport 6809 -j ACCEPT

Could this please be added to the cluster suite documentation.
Comment 1 Matthew Booth 2006-08-31 04:29:17 EDT
Obviously 1.1.1.0/24 above must also be replaced with the correct cluster subnet.
Comment 2 Paul Kennedy 2006-10-18 18:17:21 EDT
Will add to currently published documentation.
Comment 3 Ryan McCabe 2007-03-20 16:44:52 EDT
Also, for conga on 4.5, you'll need to allow TCP dports 11111 (ricci) and 16851
(modclusterd).
Comment 4 Kiersten (Kerri) Anderson 2007-05-21 18:18:39 EDT
Moving this bug to the 4.6 release since 4.5 has already been released.
Comment 5 Michael Hideo 2007-06-06 00:45:35 EDT
Adding cc ecs-dev-list@redhat.com for tracking
Comment 6 Paul Kennedy 2007-07-19 17:48:31 EDT
Refer to draft of update here:

http://homer.msp.redhat.com/~pkennedy/bug-204724/Cluster_Administration-13-rhel4.pdf

This is a chapter to be added to the most current cluster administration
document. Please review section 2.1, "Enabling IP Ports" for technical accuracy.
Does this addition address this bug? If this looks good, I will adapt it for
RHEL 5 doc, too.
Comment 7 Paul Kennedy 2007-08-10 13:52:25 EDT
I have revised the text. Here is a link to HTML output:

https://engineering.redhat.com/docbot/en-US/Storage_And_Cluster/4.6.0/html/Cluster_Administration/s1-iptables-CA.html

No PDF is available at this time. Please review for technical accuracy and
confirm that the revised text fixes the bug.

Thanks.

Paul
Comment 9 Ryan McCabe 2007-08-20 11:19:16 EDT
You may want to add luci (port 8084) to the list.
Comment 13 Paul Kennedy 2007-08-29 15:32:23 EDT
Created attachment 179681
New content for enabling IP ports for use with Red Hat Cluster

New content created (refer to attachment) and reviewed for technical
accuracy. New content is section, "Enabling IP Ports" for new chapter, "Before
Configuring a Red Hat Cluster" in Cluster Administration Guide.

New content will be published with currently supported RHEL 4 documentation --
RHEL 4.5 and RHEL 4.6. (Comparable content will be published with currently
supported RHEL 5 documentation.)
Comment 14 Michael Hideo 2007-10-22 22:46:14 EDT
Removing automation notification
Comment 15 Paul Kennedy 2008-01-16 17:11:19 EST
New content is available here:
http://www.redhat.com/docs/manuals/csgfs/
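
Added example, not part of the original bug report or of Red Hat's documentation: a Python check that reads iptables rules in the `-A INPUT ...` form used in the description and reports which of the cluster ports named in the description, comment 3 and comment 9 are not covered by any ACCEPT rule. The interface `eth1`, the subnet `10.0.0.0/24`, the function names and the assumption that luci uses TCP are illustrative and do not come from the page.

```python
# Ports from this bug: description, comment 3 (ricci, modclusterd), comment 9 (luci).
# Assumption: luci is TCP (the page gives only its port number).
REQUIRED = {
    "rgmanager": ("tcp", {41966, 41967, 41968, 41969}),
    "ccsd/tcp": ("tcp", {50006, 50008, 50009}), "ccsd/udp": ("udp", {50007}),
    "dlm": ("tcp", {21064}), "cman": ("udp", {6809}),
    "ricci": ("tcp", {11111}), "modclusterd": ("tcp", {16851}), "luci": ("tcp", {8084}),
}

def _opt(tok, *names):
    """Return the argument that follows the first of `names` present in tok."""
    for name in names:
        if name in tok[:-1]:
            return tok[tok.index(name) + 1]
    return None

def accepted_ports(rules_text):
    """Collect (proto, port) pairs opened by '-A INPUT ... -j ACCEPT' lines.
    Rule order, interface and address matches are not evaluated; '!' rules are skipped."""
    accepted = set()
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or _opt(tok, "-j") != "ACCEPT" or "!" in tok:
            continue
        proto, spec = _opt(tok, "-p"), _opt(tok, "--dport", "--dports")
        if not proto or not spec:
            continue
        for part in spec.split(","):         # multiport list
            lo, _, hi = part.partition(":")  # optional range lo:hi
            if lo.isdigit() and (hi or lo).isdigit():
                accepted.update((proto, p) for p in range(int(lo), int(hi or lo) + 1))
    return accepted

def missing_ports(rules_text):
    """Map each service to the required ports that no ACCEPT rule covers."""
    accepted = accepted_ports(rules_text)
    gaps = {n: sorted(p for p in ports if (proto, p) not in accepted)
            for n, (proto, ports) in REQUIRED.items()}
    return {n: g for n, g in gaps.items() if g}

# Constructed sample modelled on the description's rules (multiport used throughout).
SAMPLE = "\n".join(
    f"-A INPUT -i eth1 -m state --state NEW -m multiport -p {proto} "
    f"-s 10.0.0.0/24 -d 10.0.0.0/24 --dports {ports} -j ACCEPT"
    for proto, ports in [("tcp", "41966,41967,41968,41969"), ("tcp", "50006,50008,50009"),
                         ("udp", "50007"), ("tcp", "21064"), ("udp", "6809")])

if __name__ == "__main__":
    print(missing_ports(SAMPLE))  # services whose ports the sample does not open
```

A clean result only means an ACCEPT rule for each port exists; an earlier DROP or REJECT rule, or a non-matching interface or subnet, can still block the traffic.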
