Bug 204724 - iptables rules for cluster suite
Summary: iptables rules for cluster suite
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Cluster Suite
Classification: Retired
Component: doc   
(Show other bugs)
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul Kennedy
QA Contact: Cluster QE
URL:
Whiteboard:
Keywords: Documentation
Depends On:
Blocks: 429367
TreeView+ depends on / blocked
 
Reported: 2006-08-31 08:27 UTC by Matthew Booth
Modified: 2015-04-20 00:47 UTC (History)
5 users (show)

Fixed In Version: 4.5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-16 22:11:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
New content for enabling IP ports for use with Red Hat Cluster (40.25 KB, text/pdf)
2007-08-29 19:32 UTC, Paul Kennedy
no flags Details

Description Matthew Booth 2006-08-31 08:27:25 UTC
The following iptables rules allow cluster suite to work:

# rgmanager
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24
-d 1.1.1.0/24 --dports 41966,41967,41968,41969 -j ACCEPT
# ccsd
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24
-d 1.1.1.0/24 --dports 50006,50008,50009 -j ACCEPT
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p udp -s 1.1.1.0/24
-d 1.1.1.0/24 --dports 50007 -j ACCEPT
# dlm
-A INPUT -i <cluster if> -m state --state NEW -m multiport -p tcp -s 1.1.1.0/24
-d 1.1.1.0/24 --dports 21064 -j ACCEPT
#cman
-A INPUT -i <cluster if> -m state --state NEW -p udp -s 1.1.1.0/24 -d 1.1.1.0/24
--dport 6809 -j ACCEPT

Could this please be added to the cluster suite documentation.

Comment 1 Matthew Booth 2006-08-31 08:29:17 UTC
Obviously 1.1.1.0/24 above must also be replaced with the correct cluster subnet.

Comment 2 Paul Kennedy 2006-10-18 22:17:21 UTC
Will add to currently published documentation.

Comment 3 Ryan McCabe 2007-03-20 20:44:52 UTC
Also, for conga on 4.5, you'll need to allow TCP dports 11111 (ricci) and 16851
(modclusterd).

Comment 4 Kiersten (Kerri) Anderson 2007-05-21 22:18:39 UTC
Moving this bug to the 4.6 release since 4.5 has already been released.

Comment 5 Michael Hideo 2007-06-06 04:45:35 UTC
Adding 'cc ecs-dev-list@redhat.com for tracking

Comment 6 Paul Kennedy 2007-07-19 21:48:31 UTC
Refer to draft of update here:

http://homer.msp.redhat.com/~pkennedy/bug-204724/Cluster_Administration-13-rhel4.pdf

This is a chapter to be added to the most current cluster administration
document. Please review section 2.1, "Enabling IP Ports" for technical accuracy.
Does this addition address this bug? If this looks good, I will adapt it for
RHEL 5 doc, too.

Comment 7 Paul Kennedy 2007-08-10 17:52:25 UTC
I have revised the text. Here is a link to HTML output:

https://engineering.redhat.com/docbot/en-US/Storage_And_Cluster/4.6.0/html/Cluster_Administration/s1-iptables-CA.html

No PDF is available at this time. Please review for technical accuracy and
confirm that the revised text fixes the bug.

Thanks.

Paul

Comment 9 Ryan McCabe 2007-08-20 15:19:16 UTC
You may want to add luci (port 8084) to the list.

Comment 13 Paul Kennedy 2007-08-29 19:32:23 UTC
Created attachment 179681 [details]
New content for enabling IP ports for use with Red Hat Cluster

New content created (refer to attachment) and reviewed for technical
accuracy. New content is section, "Enabling IP Ports" for new chapter, "Before
Configuring a Red Hat Cluster" in Cluster Administration Guide.

New content will be published with currently supported RHEL 4 documentation --
RHEL 4.5 and RHEL 4.6. (Comparable content will be published with currently
supported RHEL 5 documentation.)

Comment 14 Michael Hideo 2007-10-23 02:46:14 UTC
Removing automation notification

Comment 15 Paul Kennedy 2008-01-16 22:11:19 UTC
New content is available here:
http://www.redhat.com/docs/manuals/csgfs/


Note You need to log in before you can comment on or make changes to this bug.