Manualshelf

HP Serviceguard for Linux Version A.11.19 Release Notes, April 2009

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux RH AS Cluster
31323334353637383940
This port is configurable; if port 1775 is already being used by another application,
configure and open another free port when you configure the firewall.
System Firewalls
When using a system firewall with Serviceguard for Linux, you must leave open the
ports listed above.
Serviceguard also uses some dynamic ports for some cluster services; these also need
to be open in the firewall. They are typically in the range 32768-61000 for Red Hat and
1024-29999 for SUSE. To determine the range on a given system, check the contents of
the file /proc/sys/net/ipv4/ip_local_port_range. If you have adjusted the
dynamic port range using kernel tunable parameters alter your firewall rules
accordingly.
To enable intra-cluster communications, each HEARTBEAT_IP network on every
node in the cluster must allow the following communications in both directions
with all other nodes in the cluster:
TCP on port numbers 5300 and 5302 and allow only packets with the SYN
flag
UDP on port numbers 5300 and 5302
TCP and UDP on dynamic ports
If you use a quorum server, all nodes in the cluster must allow the following
communication to the quorum server IP address:
TCP on port 1238 and allow only packets with the SYN flag
Any node providing quorum service for another cluster must allow the following
communication from that clusters nodes:
TCP on port 1238 and allow only packets with the SYN flag
Running the cmscancl command requires the ssh port be open.
There are additional firewall requirements to enable execution of Serviceguard
commands from nodes outside the cluster, such as those listed in cmclnodelist. To
allow execution of Serviceguard commands, follow the guidelines below.
34 Serviceguard for Linux Version A.11.19 Release Notes