2.12. Configuring the iptables Firewall to Allow Cluster Components
You can use the following filtering to allow traffic through the iptables firewall for the various cluster components.
For corosync, use the following filtering. Port 5405 is used to receive multicast traffic.
iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT
For ricci:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 11111 -j ACCEPT
For modcluster:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 16851 -j ACCEPT
For luci:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 8084 -j ACCEPT
For DLM:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 21064 -j ACCEPT
After executing these commands, run the following command.
service iptables save ; service iptables restart
In Red Hat Enterprise Linux 6, rgmanager does not access the network directly; rgmanager communication happens by means of corosync network transport. Enabling corosync allows rgmanager (or any corosync clients) to work automatically.
