White Papers

Dell HPC NFS Storage Solution High Availability Configurations with Large Capacities
A.3.5. Network security setting
In this step, the required ports are opened in the firewall on both servers. The cluster ports to be
enabled are listed in the Red Hat Cluster Administration Guide, section 2.3:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/pdf/Cluster_Administration/Red_Hat_Enterprise_Linux-6-Cluster_Administration-en-US.pdf
The NFS ports to be allowed through the firewall are listed in this Red Hat document:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html
Launch the firewall configuration tool (system-config-securitylevel), make sure NFSv4 and SSH are
selected (enabled) in the GUI, and exit it.
Then, use the following commands to start the firewall and enable it across reboots, allow
portmapper and cluster traffic, and save the changes.
# service iptables start; chkconfig iptables on
# iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 111,2049,5404,5405 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 111,2049,11111,16851,8084,21064 -j ACCEPT
# service iptables save
Note: For NFSv4, unlike NFSv3, all NFS communications are self-contained within port 2049.
If there is no plan to deploy NFSv3, no further configuration is needed for the iptables service. Skip
to the next step.
The NFSv3 ports must be allowed through the firewall:
# iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 875,890,892,12025 -j ACCEPT
# iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 875,890,892,12025 -j ACCEPT
# service iptables save
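To confirm that the saved ruleset covers every port opened above, a check like the following can be run against it. This is an added example, not part of the original white paper; the function names and the sample ruleset are constructed for illustration, and the check looks only at destination-port coverage, not at rule order or source addresses.

```bash
# Added example: port lists come from the iptables commands above; the ruleset is constructed.
REQUIRED_UDP="111 2049 5404 5405 875 890 892 12025"
REQUIRED_TCP="111 2049 11111 16851 8084 21064 875 890 892 12025"

# missing_ports FILE PROTO "PORT ..." -> required ports that no INPUT ACCEPT rule covers.
# Assumption: rule order and source matches are ignored; only dport coverage is checked.
missing_ports() {
    awk -v proto="$2" -v want="$3" '
        $1 == "-A" && $2 == "INPUT" {
            p = ""; ports = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (p != proto || target != "ACCEPT" || ports == "") next
            n = split(ports, list, ",")
            for (k = 1; k <= n; k++) {
                m = split(list[k], r, ":")      # a:b is a port range
                cnt++; low[cnt] = r[1] + 0
                high[cnt] = (m == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            w = split(want, req, " "); out = ""
            for (j = 1; j <= w; j++) {
                ok = 0
                for (x = 1; x <= cnt; x++)
                    if (req[j] + 0 >= low[x] && req[j] + 0 <= high[x]) ok = 1
                if (!ok) out = out (out == "" ? "" : " ") req[j]
            }
            print out
        }' "$1"
}
# Constructed iptables-save excerpt; the TCP NFSv3 rule is left out on purpose.
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -p udp -m state --state NEW -m multiport --dports 875,890,892,12025 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 111,2049,11111,16851,8084,21064 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dports 111,2049,5404,5405 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
rules=$(mktemp); sample_rules > "$rules"
echo "udp missing: $(missing_ports "$rules" udp "$REQUIRED_UDP")"
echo "tcp missing: $(missing_ports "$rules" tcp "$REQUIRED_TCP")"
rm -f "$rules"
```

On a server, pass /etc/sysconfig/iptables (the file that service iptables save writes) instead of the sample; an empty result means every listed port is covered.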
Now NFSv3 needs to be reconfigured to statically assign ports for its different components, so that
the previous firewall changes can be effective. On each of the servers, apply the following changes,
then confirm them by making sure the output lines of the egrep command are not commented out and
the port numbers specified match those in the previous iptables commands:
# sed -i 's/.*RQUOTAD_PORT=.*/RQUOTAD_PORT=875/' /etc/sysconfig/nfs
# sed -i 's/.*LOCKD_UDPPORT=.*/LOCKD_UDPPORT=890/' /etc/sysconfig/nfs
# sed -i 's/.*LOCKD_TCPPORT=.*/LOCKD_TCPPORT=890/' /etc/sysconfig/nfs
# sed -i 's/.*MOUNTD_PORT=.*/MOUNTD_PORT=892/' /etc/sysconfig/nfs
# sed -i 's/.*STATD_PORT=.*/STATD_PORT=12025/' /etc/sysconfig/nfs
# egrep "D_PORT|PPORT" /etc/sysconfig/nfs
RQUOTAD_PORT=875