centos 6.x glusterfs 3.2.7 firewall blocking

joe at julianfamily.org (Joe Julian) · Mon, 14 Oct 2013 17:05:29 -0700

glusterbot>  glusterd's management port is 24007/tcp and 24008/tcp if 
you use rdma. Bricks (glusterfsd) use 24009 & up for <3.4 and 49152 & up 
for 3.4. (Deleted volumes do not reset this counter.) Additionally it 
will listen on 38465-38467/tcp for nfs, also 38468 for NLM since 3.3.0. 
NFS also depends on rpcbind/portmap on port 111 and 2049 since 3.4

On 10/14/2013 3:07 PM, James wrote:
> On Mon, Oct 14, 2013 at 9:35 AM,  <mvb at nederlandweb.nl> wrote:
>> centos 6.x
>>
>> gluster --version
>>
>> glusterfs 3.2.7 built on Jun 11 2012 13:22:29
>>
>>
>>
>> The problem is that when i'm trying to probe like this:
>>
>> gluster peer probe [hostname]
>>
>>
>>
>> It never probe's because the firewall is blocking (when I turn it of on both
>> sides everything works)
>>
>>
>>
>> But I want to keep the firewall running.
>>
>>
>>
>> A google search give's me serveral possible ports to open , so I end with
>> this:
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 54539 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 38003 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 616 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 24007:24047 -j
>> ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 49152:49162 -j
>> ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
>>
>> iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 38465:38470 -j
>> ACCEPT
>>
>> service iptables save
>>
>> service iptables restart
>>
>>
>>
>> But still not working.
>>
>>
>>
>> What port do I have to open ?
>>
>>
>> _______________________________________________
>> Gluster-users mailing list
>> Gluster-users at gluster.org
>> http://supercolony.gluster.org/mailman/listinfo/gluster-users
> Older versions of gluster use 24009+ ...
> Open these...
>
> You can also look at your firewall logs to see what access requests
> are being blocked.
> To avoid figuring this all out yourself, you can use puppet-gluster.
>
> Cheers,
> James
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://supercolony.gluster.org/mailman/listinfo/gluster-users