Chapter 3. Considerations for Red Hat Gluster Storage

3.1. Firewall and Port Access

Red Hat Gluster Storage requires access to a number of ports in order to work properly. Ensure that port access is available as indicated in Section 3.1.2, “Port Access Requirements”.

3.1.1. Configuring the Firewall

Firewall configuration tools differ between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
For Red Hat Enterprise Linux 6, use the iptables command to open a port:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -j ACCEPT
# service iptables save
For Red Hat Enterprise Linux 7, if default ports are in use, it is usually simpler to add a service rather than open a port:
# firewall-cmd --zone=zone_name --add-service=glusterfs
# firewall-cmd --zone=zone_name --add-service=glusterfs --permanent
However, if the default ports are already in use, you can open a specific port with the following command:
# firewall-cmd --zone=zone_name --add-port=port/protocol
# firewall-cmd --zone=zone_name --add-port=port/protocol --permanent
For example:
# firewall-cmd --zone=public --add-port=5667/tcp
# firewall-cmd --zone=public --add-port=5667/tcp --permanent

3.1.2. Port Access Requirements

Table 3.1. Open the following ports on all storage servers

| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| Any authorized network entity with a valid SSH key | 22 | - | All configurations | Remote backup using geo-replication |
| Any authorized network entity; be cautious not to clash with other RPC services. | 111 | 111 | All configurations | RPC port mapper and RPC bind |
| Any authorized SMB/CIFS client | 139 and 445 | 137 and 138 | Sharing storage using SMB/CIFS | SMB/CIFS protocol |
| Any authorized NFS clients | 2049 | 2049 | Sharing storage using Gluster NFS or NFS-Ganesha | Exports using NFS protocol |
| All servers in the Samba-CTDB cluster | 4379 | - | Sharing storage using SMB and Gluster NFS | CTDB |
| Any authorized network entity | 24007 | - | All configurations | Management processes using glusterd |
| Any authorized network entity | 24009 | - | All configurations | Gluster events daemon |
| Any network entity monitored by Nagios | 5666 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NRPE service |
| NFSv3 clients | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
| NFSv3 clients | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |
| NFSv3 clients sending mount requests | - | 32769 | Sharing storage using Gluster NFS | Gluster NFS MOUNT protocol |
| NFSv3 clients sending mount requests | 20048 | 20048 | Sharing storage using NFS-Ganesha | NFS-Ganesha MOUNT protocol |
| NFS clients | 875 | 875 | Sharing storage using NFS-Ganesha | NFS-Ganesha RQUOTA protocol (fetching quota information) |
| Servers in pacemaker/corosync cluster | 2224 | - | Sharing storage using NFS-Ganesha | pcsd |
| Servers in pacemaker/corosync cluster | 3121 | - | Sharing storage using NFS-Ganesha | pacemaker_remote |
| Servers in pacemaker/corosync cluster | - | 5404 and 5405 | Sharing storage using NFS-Ganesha | corosync |
| Servers in pacemaker/corosync cluster | 21064 | - | Sharing storage using NFS-Ganesha | dlm |
| Any authorized network entity to access gluster-swift proxy server via SSL/TLS mode; SSL/TLS cert is required. | 443 | - | Object storage configurations | HTTPS requests |
| Any authorized network entity with valid object server gluster-swift credentials | 6010 | - | Object storage configurations | Object server |
| Any authorized network entity with valid container server gluster-swift credentials | 6011 | - | Object storage configurations | Container server |
| Any authorized network entity with valid gluster-swift account credentials | 6012 | - | Object storage configurations | Account server |
| Any authorized network entity with valid gluster-swift proxy credentials | 8080 | - | Object storage configurations | Proxy server |
| Any authorized network entity | 49152 - 49664 | - | All configurations | Brick communication ports. The total number of ports required depends on the number of bricks on the node. One port is required for each brick on the machine. |
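
Table 3.1 ties each port to a configuration, so a server only needs the rows that match what it actually runs. The script below is an added example, not part of the Red Hat guide: it prints the firewall-cmd commands from Section 3.1.1 for a chosen zone, brick count and set of roles. The function names and role keywords are assumptions, as is the premise that bricks occupy the lowest ports of the brick range.

```shell
#!/bin/bash
# Added example (not Red Hat's code): print, without running, the firewall-cmd
# commands that open only the Table 3.1 ports one storage server needs.
# Function names and role keywords are assumptions made for this sketch.

ports_for_role() {   # ports from the "Recommended for" column of Table 3.1
    case "$1" in
        base)        echo "22/tcp 111/tcp 111/udp 24007/tcp 24009/tcp" ;;
        smb)         echo "139/tcp 445/tcp 137/udp 138/udp 4379/tcp" ;;
        gluster-nfs) echo "2049/tcp 2049/udp 662/tcp 662/udp 32803/tcp 32803/udp 32769/udp 4379/tcp" ;;
        ganesha)     echo "2049/tcp 2049/udp 662/tcp 662/udp 32803/tcp 32803/udp 20048/tcp 20048/udp" \
                          "875/tcp 875/udp 2224/tcp 3121/tcp 5404/udp 5405/udp 21064/tcp" ;;
        object)      echo "443/tcp 6010/tcp 6011/tcp 6012/tcp 8080/tcp" ;;
        monitoring)  echo "5666/tcp" ;;
        *)           echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# usage: gluster_fw_commands ZONE BRICK_COUNT [ROLE...]
gluster_fw_commands() {
    local zone=$1 bricks=$2 last all p role
    shift 2
    case "$bricks" in
        ''|*[!0-9]*) echo "brick count must be a positive integer" >&2; return 1 ;;
    esac
    # One TCP port per brick. Assumption: bricks hold the lowest ports of
    # 49152-49664; confirm the ports in use with `gluster volume status`.
    last=$((49152 + bricks - 1))
    if [ "$bricks" -lt 1 ] || [ "$last" -gt 49664 ]; then
        echo "brick count does not fit in 49152-49664" >&2; return 1
    fi
    if [ "$bricks" -eq 1 ]; then all="49152/tcp"; else all="49152-$last/tcp"; fi
    for role in base "$@"; do
        p=$(ports_for_role "$role") || return 1
        all="$all $p"
    done
    # De-duplicate ports shared between roles, then emit the runtime and
    # permanent rules in the form shown in Section 3.1.1.
    printf '%s\n' $all | sort -u | while read -r p; do
        echo "firewall-cmd --zone=$zone --add-port=$p"
        echo "firewall-cmd --zone=$zone --add-port=$p --permanent"
    done
}

gluster_fw_commands public 4 smb   # constructed sample: 4 bricks, SMB sharing
```

Review the printed commands before running them as root. Who counts as an "authorized network entity" is decided by the sources bound to the zone you pass in.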

Table 3.2. Open the following ports on NFS-Ganesha and Gluster NFS storage clients

| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| NFSv3 servers | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
| NFSv3 servers | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |

Table 3.3. Open the following ports on all Nagios servers

| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| Console clients | 80 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTP protocol when Nagios server runs on a Red Hat Gluster Storage server |
| Console clients | 443 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTPS protocol when Nagios server runs on a Red Hat Gluster Storage server |
| Servers monitored by Nagios | 5667 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NSCA service when Nagios server runs on a Red Hat Gluster Storage server |