6.0 HP X9720 Network Storage System Administrator Guide (AW549-96034, December 2011)
Configuring ports for a firewall
IMPORTANT: To avoid unintended consequences, HP recommends that you configure the firewall
during scheduled maintenance times.
When configuring a firewall, you should be aware of the following:
• SELinux should be disabled.
• By default, NFS uses random port numbers for operations such as mounting and locking.
These ports must be fixed so that they can be listed as exceptions in a firewall configuration
file. For example, you will need to lock specific ports for rpc.statd, rpc.lockd,
rpc.mountd, and rpc.quotad.
• It is best to allow all ICMP types on all networks; however, you can limit ICMP to types 0, 3,
8, and 11 if necessary.
Be sure to open the ports listed in the following table.
Port                  Description
22/tcp                SSH
9022/tcp              SSH for Onboard Administrator (OA); only for X9720/X9730 blades
123/tcp, 123/udp      NTP
5353/udp              Multicast DNS, 224.0.0.251
12865/tcp             netperf tool
80/tcp                X9000 management console to file serving nodes
443/tcp               X9000 management console to file serving nodes
5432/tcp              X9000 management console and X9000 file system
8008/tcp              X9000 management console and X9000 file system
9002/tcp              X9000 management console and X9000 file system
9005/tcp              X9000 management console and X9000 file system
9008/tcp              X9000 management console and X9000 file system
9009/tcp              X9000 management console and X9000 file system
9200/tcp              X9000 management console and X9000 file system

Between file serving nodes and NFS clients (user network):
2049/tcp, 2049/udp    NFS
111/tcp, 111/udp      RPC
875/tcp, 875/udp      quota
32803/tcp             lockmanager
32769/udp             lockmanager
892/tcp, 892/udp      mount daemon
662/tcp, 662/udp      stat
2020/tcp, 2020/udp    stat outgoing
4000:4003/tcp         reserved for use by a custom application (CMU) and can be disabled if not used

Between file serving nodes and CIFS clients (user network):
137/udp
138/udp
139/tcp
445/tcp

Between file serving nodes and X9000 clients (user network):
9000:9002/tcp
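
After the NFS daemons have been fixed to specific ports, confirm that each one is actually registered on its port before relying on the firewall exceptions. The script below is an added example, not part of the HP guide: it reads `rpcinfo -p` output and flags any NFS-related service whose port differs from the table above. The function names and the sample output are constructed for illustration.

```shell
# Added example (not from the HP guide). Reads `rpcinfo -p` output on stdin and
# reports services not bound to the fixed ports; unregistered services are ignored.
check_nfs_ports() {
    awk '
    BEGIN {
        bad = 0
        # Expected ports from the table. rpcinfo names map to table rows as:
        # portmapper=RPC, rquotad=quota, nlockmgr=lockmanager, status=stat.
        want["nfs/tcp"] = 2049;        want["nfs/udp"] = 2049
        want["portmapper/tcp"] = 111;  want["portmapper/udp"] = 111
        want["rquotad/tcp"] = 875;     want["rquotad/udp"] = 875
        want["nlockmgr/tcp"] = 32803;  want["nlockmgr/udp"] = 32769
        want["mountd/tcp"] = 892;      want["mountd/udp"] = 892
        want["status/tcp"] = 662;      want["status/udp"] = 662
    }
    # Data rows look like: program vers proto port service
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        key = $5 "/" $3
        if (!(key in want) || $4 == want[key]) next
        bad = 1
        # rpcinfo prints one row per program version; report each port once.
        id = key ":" $4
        if (!(id in reported)) {
            reported[id] = 1
            printf "MISMATCH %s on port %s, expected %s\n", key, $4, want[key]
        }
    }
    END { exit bad }'
}

# Constructed sample: mountd was left on dynamic ports, everything else is fixed.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   udp    662  status
    100011    1   udp    875  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100005    1   udp  43817  mountd
    100005    3   udp  43817  mountd
    100005    1   tcp  51022  mountd
EOF
}

# On a live node, run: rpcinfo -p | check_nfs_ports
sample_rpcinfo | check_nfs_ports || echo "some services are not on fixed ports"
```

The function exits non-zero when any mismatch is found, so it can gate a maintenance-window checklist step.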