The Red Hat Enterprise Virtualization Manager requires that a number of ports be opened to allow network traffic through the system's firewall. The rhevm-setup script is able to configure the firewall automatically, but this will overwrite any pre-existing firewall configuration.
Where a firewall configuration already exists, the firewall rules required by the Manager must instead be manually inserted into it. The rhevm-setup command saves a list of the required iptables rules in the /usr/share/ovirt-engine/conf/iptables.example file.
The firewall configuration documented here assumes a default configuration. Where non-default HTTP and HTTPS ports are chosen during installation, adjust the firewall rules to allow network traffic on the ports that were selected, not the default ports (80 and 443) listed here.
Table A.1. Red Hat Enterprise Virtualization Manager Firewall Requirements
| Port(s) | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| - | ICMP | | | When registering to the Red Hat Enterprise Virtualization Manager, virtualization hosts send an ICMP ping request to the Manager to confirm that it is online. |
| 22 | TCP | | | SSH (optional) |
| 80, 443 | TCP | | | Provides HTTP and HTTPS access to the Manager. |
Important
In environments where the Red Hat Enterprise Virtualization Manager is also required to export NFS storage, such as an ISO Storage Domain, additional ports must be allowed through the firewall. Grant firewall exceptions for the ports applicable to the version of NFS in use:
NFSv4
- TCP and UDP port 2049 for NFS.
- TCP and UDP port 111 (rpcbind/sunrpc).

NFSv3
- TCP and UDP port 2049 for NFS.
- TCP and UDP port 111 (rpcbind/sunrpc).
- TCP and UDP port specified with MOUNTD_PORT="port"
- TCP and UDP port specified with STATD_PORT="port"
- TCP port specified with LOCKD_TCPPORT="port"
- UDP port specified with LOCKD_UDPPORT="port"
The MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT, and LOCKD_UDPPORT ports are configured in the /etc/sysconfig/nfs file.
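
The NFSv3 port list above, turned into a rule generator as an added example (not part of the original documentation): it reads the four pinned ports from the sysconfig file and prints rules in iptables-save syntax for manual insertion into an existing configuration. The nfs3_rules and sample_nfs_conf names, the optional source-network argument, and the sample port values are assumptions.

```sh
#!/bin/sh
# Added example: print iptables rules (iptables-save syntax) for an NFSv3 export,
# reading the pinned ports from an nfs sysconfig file without sourcing it.
# nfs3_rules [conf-file] [source-cidr]   (source-cidr: assumed optional restriction)
nfs3_rules() (
    conf=${1:-/etc/sysconfig/nfs}
    src=${2:-}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }

    # Last uncommented VAR=port or VAR="port" assignment wins, as when sourced.
    port_of() {
        sed -n "s/^[[:space:]]*${1}=[\"']\{0,1\}\([0-9][0-9]*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$conf" | tail -n 1
    }
    rule() { printf '%s\n' "-A INPUT${src:+ -s $src} -p $1 --dport $2 -j ACCEPT"; }

    # Refuse to emit a partial rule set: an unpinned helper port is chosen
    # dynamically at service start, so no static rule can cover it.
    missing=""
    for var in MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT; do
        [ -n "$(port_of "$var")" ] || missing="$missing $var"
    done
    [ -z "$missing" ] || { echo "not set in $conf:$missing" >&2; exit 1; }

    # NFS, rpcbind, mountd and statd need both TCP and UDP.
    for port in 2049 111 "$(port_of MOUNTD_PORT)" "$(port_of STATD_PORT)"; do
        rule tcp "$port"
        rule udp "$port"
    done
    # lockd has one variable per protocol.
    rule tcp "$(port_of LOCKD_TCPPORT)"
    rule udp "$(port_of LOCKD_UDPPORT)"
)

# Constructed sample of /etc/sysconfig/nfs; the port numbers are example values.
sample_nfs_conf() {
    cat <<'EOF'
#LOCKD_TCPPORT=4001
MOUNTD_PORT="892"
STATD_PORT="662"
LOCKD_TCPPORT="32803"
LOCKD_UDPPORT="32769"
EOF
}

# Demo: 192.0.2.0/24 stands in for the network the NFS clients are on.
demo_conf=$(mktemp)
sample_nfs_conf > "$demo_conf"
nfs3_rules "$demo_conf" 192.0.2.0/24
rm -f "$demo_conf"
```

Insert the printed lines into the existing rule set ahead of any final REJECT or DROP rule. A non-zero exit status means the file could not be read or at least one of the four variables is not set in it.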