On Thu, Dec 12, 2013 at 5:01 PM, Juan Pablo Lorier <jplorier(a)gmail.com> wrote:
...
# nfs
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 38467 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 41729 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT
-A INPUT -p udp -m udp --dport 43828 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT
-A INPUT -p udp -m udp --dport 47492 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 58837 -j ACCEPT

The above rules might break after a reboot.
Best practice is to set the normally dynamic NFS ports to fixed
values in /etc/sysconfig/nfs and then open those ports in the firewall.

Now I'm changing the settings by overriding the defaults in the domain
and auto negotiating the protocol. This firewall correction may be a
good thing to add in the deploy.

Are you doing this on a node or on your engine server?
The engine-setup configured both /etc/sysconfig/nfs and iptables for me
on my engine server (for the ISO domain).
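
Added example, not part of the original thread or of engine-setup: a shell sketch of the advice above that reads an /etc/sysconfig/nfs-style file, emits iptables rules only for helper ports that are actually pinned, and lists the helpers still left dynamic (whose rules would go stale after a reboot). The variable names are the ones found in the stock EL6 /etc/sysconfig/nfs; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# VAR:protocols pairs; variable names as in the EL6 /etc/sysconfig/nfs template.
NFS_PORT_VARS="RQUOTAD_PORT:tcp,udp LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp MOUNTD_PORT:tcp,udp STATD_PORT:tcp,udp"

# get_port FILE VAR: print the numeric value of an uncommented VAR=, else nothing.
get_port() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([0-9]\{1,5\}\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# emit PORT PROTOCOLS: one iptables-save style rule per protocol.
emit() {
    for proto in $(echo "$2" | tr ',' ' '); do
        echo "-A INPUT -p $proto -m $proto --dport $1 -j ACCEPT"
    done
}

# nfs_rules FILE: rules for rpcbind (111), nfs (2049) and every pinned helper port.
nfs_rules() {
    emit 111 tcp,udp
    emit 2049 tcp,udp
    for entry in $NFS_PORT_VARS; do
        port=$(get_port "$1" "${entry%%:*}")
        if [ -n "$port" ]; then emit "$port" "${entry#*:}"; fi
    done
}

# nfs_unpinned FILE: names of helpers with no fixed port (they move on restart).
nfs_unpinned() {
    for entry in $NFS_PORT_VARS; do
        [ -n "$(get_port "$1" "${entry%%:*}")" ] || echo "${entry%%:*}"
    done
}

# Constructed sample: mountd and statd pinned, lockd and rquotad left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#RQUOTAD_PORT=875
#LOCKD_TCPPORT=32803
#LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT="662"
EOF
nfs_rules "$sample"
echo "still dynamic: $(nfs_unpinned "$sample" | tr '\n' ' ')" >&2
rm -f "$sample"
```

Any name reported as still dynamic needs a fixed value in /etc/sysconfig/nfs and a service restart before a firewall rule for it will survive a reboot.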