Hi Robert,

thanks for your fast reply. I probably misunderstand something; I thought the client binds to a port itself. I guess the info you refer to is this: https://docs.ceph.com/en/latest/rados/configuration/network-config-ref/?highlight=iptables . I read this as the iptables config on the storage servers and am wondering what the config on a client server should be. Which ports are the clients using - if any?

Thanks!
=================
Frank Schilder
AIT Risø Campus
Bygning 109, rum S14

________________________________________
From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
Sent: 10 February 2021 15:28:40
To: ceph-users@xxxxxxx
Subject: Re: firewall config for ceph fs client

Hi,

On 10.02.21 at 15:15, Frank Schilder wrote:
> we plan to add a kernel client mount to a server in our DMZ. I can't find information on how to allow a ceph client to access a ceph cluster through a firewall.

A CephFS client will always talk to all MONs, MDSs and OSDs in the cluster.

You need ports 3300 and 6789 for the MONs on their IPs and any dynamic port starting at 6800 used by the OSDs. The MDS also uses a port above 6800.

Regards
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Mandatory information per §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Managing director: Peer Heinlein -- Registered office: Berlin
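
Added example (not part of the original thread and not Ceph project code): the ports Robert lists, turned into client-side iptables rule lines that a small shell function prints rather than applies. It assumes the client only opens outbound connections, so no inbound NEW rule is generated; the addresses are constructed, and 7300 as the upper port bound is an assumption to check against ms_bind_port_max on the cluster.

```shell
#!/bin/sh
# Added example: print egress rules for a CephFS client host in a DMZ.
# Nothing is applied; review the output, then load it with your own tooling.

# Constructed sample values (RFC 5737 documentation range), not from the thread.
MON_IPS="192.0.2.11 192.0.2.12 192.0.2.13"
DAEMON_NET="192.0.2.0/24"   # network where the OSD and MDS daemons listen
PORT_MIN=6800               # from the thread: dynamic ports start at 6800
PORT_MAX=7300               # assumption: verify ms_bind_port_max on the cluster

# ceph_client_rules "<mon ips>" <daemon net> <port min> <port max>
ceph_client_rules() {
    ccr_mons=$1; ccr_net=$2; ccr_lo=$3; ccr_hi=$4

    # Refuse non-numeric or inverted ranges instead of emitting a rule
    # that would silently open the wrong ports.
    for ccr_p in "$ccr_lo" "$ccr_hi"; do
        case "$ccr_p" in
            ''|*[!0-9]*) echo "invalid port: '$ccr_p'" >&2; return 1 ;;
        esac
    done
    if [ "$ccr_lo" -gt "$ccr_hi" ] || [ "$ccr_hi" -gt 65535 ]; then
        echo "invalid port range: $ccr_lo-$ccr_hi" >&2
        return 1
    fi

    # Return traffic for connections the client itself opened.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # MONs: ports 3300 and 6789, restricted to the MON addresses.
    for ccr_ip in $ccr_mons; do
        echo "-A OUTPUT -p tcp -d $ccr_ip -m multiport --dports 3300,6789 -m conntrack --ctstate NEW -j ACCEPT"
    done

    # OSDs and MDSs: dynamic ports from 6800 upward on the daemon network.
    echo "-A OUTPUT -p tcp -d $ccr_net --dport $ccr_lo:$ccr_hi -m conntrack --ctstate NEW -j ACCEPT"
}

ceph_client_rules "$MON_IPS" "$DAEMON_NET" "$PORT_MIN" "$PORT_MAX"
```

The same destinations and ports have to be allowed on the DMZ firewall between the client and the cluster, not only on the client host.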