2.10. Configuring the iptables Firewall to Allow Cluster Components
You can use the following filtering to allow multicast traffic through the
iptables firewall for the various cluster components.
For
openais, use the following filtering. Port 5405 is used to receive multicast traffic.
iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT
For
ricci:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 11111 -j ACCEPT
For
modcluster:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 16851 -j ACCEPT
For
gnbd:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 14567 -j ACCEPT
For
luci:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 8084 -j ACCEPT
For
DLM:
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 21064 -j ACCEPT
For
ccsd:
iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 50007 -j ACCEPT iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 50008 -j ACCEPT
After executing these commands, run the following command.
service iptables save ; service iptables restart
In Red Hat Enterprise Linux 5,
rgmanager does not access the network directly; rgmanager communication happens by means of openais network transport. Enabling openais allows rgmanager (or any openais clients) to work automatically.
