Hi,

Can someone help with this? I need to set up a firewall around a gluster (3.4) setup and I wouldn't like my clients to become peers. :)

So the ports I'd need to watch for would be:

management traffic (aka `gluster peer` operations etc) - 24007/tcp, 24008/tcp, 24009+/tcp (for the bricks)
client traffic (so clients can mount & use the volume, but not become peers) - ???
nfs traffic - 111/udp, 111/tcp & 38465-38468/tcp

Regards,
Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

On 24 Jul 2013, at 09:50, Nux! <nux at li.nux.ro> wrote:

> Can someone help with this? I need to set up a firewall around a gluster (3.4) setup and I wouldn't like my clients to become peers. :)
> So the ports I'd need to watch for would be:
> management traffic (aka `gluster peer` operations etc) - 24007/tcp, 24008/tcp, 24009+/tcp (for the bricks)
> client traffic (so clients can mount & use the volume, but not become peers) - ???
> nfs traffic - 111/udp, 111/tcp & 38465-38468/tcp

One of the things I noticed when upgrading to 3.4 is that the clients connect to different ports than with 3.3. Now they always seem to go for port 49152 rather than something in the previous nfs range. It seems this is a feature rather than a bug, but it would be nice to mention it in any upgrade guide.

It's reported as a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=987555

Marcus

--
Marcus Bointon
Synchromedia Limited: Creators of http://www.smartmessages.net/
UK info at hand CRM solutions
marcus at synchromedia.co.uk | http://www.synchromedia.co.uk/

On 24.07.2013 08:50, Nux! wrote:

> Hi,
>
> Can someone help with this? I need to set up a firewall around a
> gluster (3.4) setup and I wouldn't like my clients to become peers. :)
> So the ports I'd need to watch for would be:
> management traffic (aka `gluster peer` operations etc) - 24007/tcp,
> 24008/tcp, 24009+/tcp (for the bricks)
> client traffic (so clients can mount & use the volume, but not become
> peers) - ???
> nfs traffic - 111/udp, 111/tcp & 38465-38468/tcp

Just noticed 24009 needs to be open for the NFS to work (doh!).

I'm still waiting for clarifications on which ports I need to open in order to allow client mounts, but not "peer" requests.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro