[Kimchi-devel] [PATCH] Add firewall instructions to README-federation

Aline Manera alinefm at linux.vnet.ibm.com
Thu Sep 18 17:10:01 UTC 2014


To properly run Kimchi with federation on a system behind a firewall, the
user must configure the firewall not to block multicast responses.
Add those instructions to README-federation.md.

Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
 docs/README-federation.md | 41 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)

diff --git a/docs/README-federation.md b/docs/README-federation.md
index fdf4aed..47adfeb 100644
--- a/docs/README-federation.md
+++ b/docs/README-federation.md
@@ -10,15 +10,46 @@ virtualization and requires additional software installation.
 
 To enable it, do the following:
 
-1) Install openslp and openslp-server packages
-2) openSLP uses port 427 (UDP) and port 427 (TCP) so make sure to open those
+1. Install openslp and openslp-server packages
+2. openSLP uses port 427 (UDP) and port 427 (TCP) so make sure to open those
    ports in your firewall configuration
-3) Start slpd service and make sure it is up while running Kimchi
-4) Enable federation on Kimchi by editing the /etc/kimchi/kimchi.conf file:
+
+   For system using firewalld, do:
+   sudo firewall-cmd --permanent --add-port=427/udp
+   sudo firewall-cmd --permanent --add-port=427/tcp
+   sudo firewall-cmd --reload
+
+   For openSUSE systems, do:
+   sudo /sbin/SuSEfirewall2 open EXT TCP 427
+   sudo /sbin/SuSEfirewall2 open EXT UDP 427
+
+   For system using iptables, do:
+   sudo iptables -A INPUT -p tcp --dport 427 -j ACCEPT
+   sudo iptables -A INPUT -p udp --dport 427 -j ACCEPT
+
+3. In addition to the openSLP ports, you also need to allow multicast in the
+   firewall configuration
+
+   For system using firewalld, do:
+   sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -s <subnet> -j ACCEPT
+
+   For openSUSE systems, do:
+   Add the subnet to the trusted networks listed on FW_TRUSTED_NETS in
+   /etc/sysconfig/SuSEfirewall2 file.
+   Make sure to restart /sbin/SuSEfirewall2 after modifying /etc/sysconfig/SuSEfirewall2
+
+   For system using iptables, do:
+   sudo iptables -A INPUT -s <subnet> -j ACCEPT
+
+4. Start slpd service and make sure it is up while running Kimchi
+   sudo service slpd start
+
+5. Enable federation on Kimchi by editing the /etc/kimchi/kimchi.conf file:
 
    federation = on
 
-5) Then restart Kimchi service
+6. Then start Kimchi service
+   sudo service kimchid start
 
 The Kimchi server will be registered on openSLP on server starting up and will
 be found by other Kimchi peers (with federation feature enabled) in the same
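Review bot: In step 3, the firewalld and iptables rules (`-s <subnet> -j ACCEPT`) accept every protocol and every port from the whole subnet, which is much wider than the multicast responses this step is meant to let through. The openSUSE FW_TRUSTED_NETS entry does the same thing. Please narrow the match at least to `-p udp` (and to the SLP port, if the responses are sent from it), and say in the README that `<subnet>` should be only the network where the Kimchi peers live. Two smaller points: the step 3 firewall-cmd line has no `--permanent`, unlike the step 2 commands, so the rule is lost on `firewall-cmd --reload` or a reboot, and the `iptables -A` rules are likewise not saved anywhere. Step 6 now says "start" where the old text said "restart", so a kimchid that is already running will not pick up the kimchi.conf change from step 5.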
-- 
1.9.3



