Run firewalld with HAAst

Posted: Sat Jul 06, 2019 12:04 am
by CRM User
Although my cluster nodes are protected by our perimeter firewall, I would like to use FirewallD on the cluster nodes. However, doing so prevents communications between peers. How do I tell FirewallD to allow traffic between nodes (and from itself for testing)?

Re: Run firewalld with HAAst

Posted: Sat Jul 06, 2019 12:12 am
by Telium Support
Assuming your nodes are 192.168.0.10 and 192.168.0.11 then issue the following commands on both nodes:

firewall-cmd --new-zone=haast --permanent
firewall-cmd --reload
firewall-cmd --zone=haast --permanent --add-source=192.168.0.10/32
firewall-cmd --zone=haast --permanent --add-source=192.168.0.11/32
firewall-cmd --zone=haast --permanent --add-port=3001/tcp
firewall-cmd --zone=haast --permanent --add-port=3002/tcp
firewall-cmd --zone=haast --permanent --add-port=873/tcp
firewall-cmd --zone=haast --permanent --add-port=3306/tcp
# Load the permanent rules added above into the running firewall
firewall-cmd --reload

If you want to know exactly what the above does, here is a line-by-line description:
  1. Create a new firewall zone called "haast" and make it permanent (survive the next reboot)
  2. Add the local IP address as a trusted source in zone haast
  3. Add the remote IP address as a trusted source in zone haast
  4. Add the port 3001 (HAAst telnet interface) as accessible from the trusted sources
  5. Add the port 3002 (HAAst peerlink interface) as accessible from the trusted sources
  6. Add the port 873 (file sync) as accessible from the trusted sources
  7. Add the port 3306 (mysql sync) as accessible from the trusted sources
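
The following check is an added example, not part of the original posts and not Telium's code: a POSIX shell function that reads the output of `firewall-cmd --zone=haast --list-all` and reports any source or port that differs from the rules in the reply above. The function names, variable names and the two sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the "haast" zone against the rules in the post above.
# Live use: firewall-cmd --zone=haast --list-all | audit_zone
EXPECTED_SOURCES="192.168.0.10/32 192.168.0.11/32"
EXPECTED_PORTS="3001/tcp 3002/tcp 873/tcp 3306/tcp"

# field NAME: print the value of the "  NAME: ..." line from stdin.
# Anchored at line start, so "ports" does not match "source-ports".
field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# diff_sets LABEL EXPECTED ACTUAL: print missing and unexpected items,
# return 0 only when the two space-separated sets are equal.
diff_sets() {
    rc=0
    for want in $2; do
        case " $3 " in *" $want "*) ;; *) echo "MISSING $1: $want"; rc=1 ;; esac
    done
    for have in $3; do
        case " $2 " in *" $have "*) ;; *) echo "UNEXPECTED $1: $have"; rc=1 ;; esac
    done
    return $rc
}

# audit_zone: read --list-all output on stdin, return 1 on any drift.
audit_zone() {
    out=$(cat)
    drift=0
    diff_sets source "$EXPECTED_SOURCES" "$(printf '%s\n' "$out" | field sources)" || drift=1
    diff_sets port "$EXPECTED_PORTS" "$(printf '%s\n' "$out" | field ports)" || drift=1
    return $drift
}

# Constructed sample outputs (not captured from a real node).
SAMPLE_OK='haast (active)
  target: default
  sources: 192.168.0.10/32 192.168.0.11/32
  ports: 3001/tcp 3002/tcp 873/tcp 3306/tcp
  source-ports:'
SAMPLE_DRIFT='haast (active)
  target: default
  sources: 192.168.0.10/32 192.168.0.11/32 192.168.0.0/24
  ports: 3001/tcp 3002/tcp 873/tcp
  source-ports:'

printf '%s\n' "$SAMPLE_OK" | audit_zone && echo "OK: zone matches"
printf '%s\n' "$SAMPLE_DRIFT" | audit_zone || echo "DRIFT: review zone haast"
```

Piping `firewall-cmd --permanent --zone=haast --list-all` through the same function audits the saved configuration, which can differ from the running one until the next reload.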