<div dir="ltr">Hi Paul,<br><br>I will agree from experience that finding accurate, up-to-date documentation on how to do some basic configuration of a Gluster volume can be difficult. However, this blog post mentions the updated firewall ports.<br><br><a href="http://www.jamescoyle.net/how-to/457-glusterfs-firewall-rules">http://www.jamescoyle.net/how-to/457-glusterfs-firewall-rules</a><br><br>Get rid of 24009-24012 in your firewall configuration and replace them with 49152-4915X. If you don't actually need NFS, you can exclude the 3486X ports that you've opened as well.<br><br>________________________________________<br>From: <a href="mailto:gluster-users-bounces@gluster.org">gluster-users-bounces@gluster.org</a> <<a href="mailto:gluster-users-bounces@gluster.org">gluster-users-bounces@gluster.org</a>> on behalf of Osborne, Paul (<a href="mailto:paul.osborne@canterbury.ac.uk">paul.osborne@canterbury.ac.uk</a>) <<a href="mailto:paul.osborne@canterbury.ac.uk">paul.osborne@canterbury.ac.uk</a>><br>Sent: Thursday, October 30, 2014 8:58 AM<br>To: <a href="mailto:gluster-users@gluster.org">gluster-users@gluster.org</a><br>Subject: [Gluster-users] Firewall ports with v 3.5.2 grumble time<br><br>Hi,<br><br>I have a requirement to run my gluster hosts within a firewalled section of network and where the consumer hosts are in a different segment due to IP address preservation, part of our security policy requires that we run local firewalls on every host so I have to get the network access locked down appropriately.<br><br>I am running 3.5.2 using the packages provided in the Gluster package repository as my Linux distribution only includes packages for 3.2 which seems somewhat ancient.<br><br>Following the documentation here:<br><a href="http://www.gluster.org/community/documentation/index.php/Basic_Gluster_Troubleshooting">http://www.gluster.org/community/documentation/index.php/Basic_Gluster_Troubleshooting</a><br><br>I opened up the relevant ports:<br><br>34865 – 34867 for gluster<br>111 for the portmapper<br>24009 – 24012 as I am using 2 bricks<br><br>This though contradicts:<br><br><a href="http://gluster.org/community/documentation/index.php/Gluster_3.2:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions">http://gluster.org/community/documentation/index.php/Gluster_3.2:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions</a><br><br>Which says:<br><br>"Ensure that TCP ports 111, 24007,24008, 24009-(24009 + number of bricks across all volumes) are open on all Gluster servers. If you will be using NFS, open additional ports 38465 to 38467"<br><br>What has not been helpful is that there was no mention of port: 2049 for NFS over TCP - which would have been helpful and probably my own mistake as I should have known.<br><br>To really confuse matters I noticed that the bricks were not syncing anyway, and a look at the logs reveals:<br><br>/var/log/glusterfs/glfsheal-www.log:[2014-10-30 07:39:48.428286] I [client-handshake.c:1462:client_setvolume_cbk] 0-www-client-1: Connected to 111.222.333.444:49154, attached to remote volume '/srv/hod/lampe-www'.<br><br>along with other entries that show that I also actually need ports: 49154 and 49155 open.<br><br>even gluster volume status reveals some of the ports:<br><br>gluster> volume status<br>Status of volume: www<br>Gluster process Port Online Pid<br>------------------------------------------------------------------------------<br>Brick 194.82.210.140:/srv/hod/lampe-www 49154 Y 3035<br>Brick 194.82.210.130:/srv/hod/lampe-www 49155 Y 16160<br>NFS Server on localhost 2049 Y 16062<br>Self-heal Daemon on localhost N/A Y 16072<br>NFS Server on gfse-isr-01 2049 Y 3040<br>Self-heal Daemon on gfse-isr-01 N/A Y 3045<br><br>Task Status of Volume www<br>------------------------------------------------------------------------------<br>There are no active volume tasks<br><br><br>So my query here is, if the bricks are actually using 49154 & 49155 (which they appear to be) why is this not mentioned in the documentation and are there any other ports that I should be aware of?<br><br>Thanks<br><br>Paul<br>--<br><br>Paul Osborne<br>Senior Systems Engineer<br>Infrastructure Services<br>IT Department<br>Canterbury Christ Church University<br>_______________________________________________<br>Gluster-users mailing list<br><a href="mailto:Gluster-users@gluster.org">Gluster-users@gluster.org</a><br><a href="http://supercolony.gluster.org/mailman/listinfo/gluster-users">http://supercolony.gluster.org/mailman/listinfo/gluster-users</a><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font><a href="mailto:jrm16020@gmail.com" target="_blank">Jeremy Young</a>, M.S., RHCSA</font><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><div><font size="4"></font></div></blockquote></div></div>
</div>