6.2.4
Checking the firewall function (opening ports)
Open any partition port that is required for operating PSA but is not open because of firewall settings. Configure
the management LAN interfaces and PSA-to-MMB communication LAN interfaces.
Settings related to the PSA-to-MMB communication LAN interface are required. Usually, the interfaces are
automatically set during PSA installation.(*1)
The settings related to the management LAN interface are required only for PRIMECLUSTER linkage. Open the
ports by executing the supplied shell script for these settings. Alternatively, use the iptables command or another
command to make the settings manually.(*2)
For RHEL6, see the information [For PSA version 2.6 or later].
*1 In PSA version 2.6 and later, the ports are configured only when PSA is automatically installed from SVIM.
*2 In PSA version 2.6 and later, only a chain for the management LAN (MMLAN) is created by execution of the
shell script for settings (setmlanfw.sh). Add the jump setting for the management LAN to INPUT or OUTPUT in
iptables. For details, see Using the shell script (setmlanfw.sh) for these settings.
Management LAN interfaces
Open the following ports for use with the management LAN interfaces.
Perform the operations described in
6.2.7 Setting the management LAN IP address
before making the settings.
Open the ports by executing the shell script (setmlanfw.sh) for these settings. Alternatively, use the iptables
command or another command to make the settings manually.
TABLE 6.4 Ports to open for the management LAN interfaces
Port
Port number
Description
Remarks
snmptrap port
udp/snmptrap or 162
Open the port only for linkage with a
cluster (e.g., PCL linkage).
For the IP addresses,
specify the physical
IP addresses of the
MMBs (MMB#0/
MMB#1) belonging
to all cluster nodes.
rmcp+ port
udp/7000 to 7100
Using the shell script (setmlanfw.sh) for these settings
Note
- setmlanfw.sh is a tool for setting a management LAN port in iptables. If a firewall other than iptables is used,
the ports specified in
TABLE 6.4 Ports to open for the management LAN interfaces
individually.
- If PSA version 2.8.0 or earlier is installed and the shell script (setmlanfw.sh) for these settings is used, the
existing settings are cleared when the iptables service stops.
- The shell script (setmlanfw.sh) for these settings adds settings to iptables. To make settings with this script,
start the iptables service.
1. Confirm the completion of the operations described in
6.2.7 Setting the management LAN IP address
2. Prepare a configuration file.
PRIMEQUEST 1000 Series Installation Manual
CHAPTER 6 Work after Operating System Installation (PRIMEQUEST 1800E)
135
C122-E107-09EN