5.5 HP StorageWorks X9720 Network Storage System Administrator Guide (AW549-96026, March 2011)

Description                                              Port

The following section describes services that normally operate across the management network (bond0).
However, if the management network is down, these services use the site network. The firewall must not prevent
X9720 Network Storage System servers in the same system from communicating via these ports (but can block
other systems).

NTP                                                      123/tcp, 123/udp
Used by X9000 management console and X9000 file system   5432/tcp, 8008/tcp, 9002/tcp, 9005/tcp, 9008/tcp, 9009/tcp, 9200/tcp
Opening a port through the firewall
To open a port, modify the MXSO-User-Filter chain. For example, to allow port 555, use the following
commands:
# pdsh -a iptables -I MXSO-User-Filter -p tcp -m tcp --dport 555 -j ACCEPT
# pdsh -a service iptables save
If a server is down at this time, be sure to update the firewall rule when the server is next rebooted.
NOTE:
Do not stop and restart iptables while the system is in operation. This is known to cause interruptions
in existing connections. Use the modify/save cycle as described in this section.
Closing a port through the MXSO-External-Filter chain
To close a file service protocol port, modify the MXSO-External-Filter chain. For example, to make
CIFS port 445 unavailable, disable it as follows:
# pdsh -a iptables -D MXSO-External-Filter -p tcp -m tcp --dport 445 -j ACCEPT
# pdsh -a service iptables save
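An added example, not part of the HP guide: a server that is down during the modify/save cycle misses the change, so this script checks every node's rules for a port after either the open or the close procedure above. It assumes the input is `iptables-save` output gathered with `pdsh -a` (each line prefixed `node: `); the node names and sample rules are constructed.

```shell
# Added example (not from the HP guide). Input on stdin: iptables-save lines
# prefixed "<node>: " the way pdsh prints them.

# nodes_with_rule CHAIN PORT: nodes holding a tcp ACCEPT rule for PORT in CHAIN.
nodes_with_rule() {
    awk -v chain="$1" -v port="$2" '
        $2 == "-A" && $3 == chain {
            node = $1; sub(/:$/, "", node)
            proto = ""; dport = ""; target = ""
            for (i = 4; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT") seen[node] = 1
        }
        END { for (n in seen) print n }
    ' | sort
}

# nodes_missing_rule CHAIN PORT NODE...: expected nodes that lack the rule.
# A node that is down prints nothing through pdsh, so the expected list is
# passed explicitly and a silent node is reported as missing.
nodes_missing_rule() {
    chain=$1; port=$2; shift 2
    have=$(nodes_with_rule "$chain" "$port")
    for n in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$n" || printf '%s\n' "$n"
    done
}

# Constructed sample: node2 missed the opening of port 555, and node1 missed
# the closing of port 445. Node names are hypothetical.
SAMPLE='node1: -A MXSO-User-Filter -p tcp -m tcp --dport 555 -j ACCEPT
node1: -A MXSO-External-Filter -p tcp -m tcp --dport 445 -j ACCEPT
node2: -A MXSO-External-Filter -p tcp -m tcp --dport 80 -j ACCEPT
node3: -A MXSO-User-Filter -p tcp -m tcp --dport 555 -j ACCEPT'

echo "missing 555/tcp ACCEPT in MXSO-User-Filter:"
printf '%s\n' "$SAMPLE" | nodes_missing_rule MXSO-User-Filter 555 node1 node2 node3
echo "still accepting 445/tcp in MXSO-External-Filter:"
printf '%s\n' "$SAMPLE" | nodes_with_rule MXSO-External-Filter 445
```

On a live system, pipe the output of `pdsh -a iptables-save` into either function in place of the sample.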
Restricting a port to an IP
To restrict a file service protocol port to a particular IP subnet, modify the MXSO-External-Filter chain.
For example, to restrict http port 80, use the following process: