Chapter 3. Considerations for Red Hat Gluster Storage

3.1. Firewall and Port Access

Red Hat Gluster Storage requires access to a number of ports in order to work properly. Ensure that port access is available as indicated in Section 3.1.2, “Port Access Requirements”.

3.1.1. Configuring the Firewall

Firewall configuration tools differ between Red Hat Entperise Linux 6 and Red Hat Enterprise Linux 7.
For Red Hat Enterprise Linux 6, use the iptables command to open a port:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -j ACCEPT
# service iptables save
For Red Hat Enterprise Linux 7, if default ports are not already in use by other services, it is usually simpler to add a service rather than open a port:
# firewall-cmd --zone=zone_name --add-service=glusterfs
# firewall-cmd --zone=zone_name --add-service=glusterfs --permanent
However, if the default ports are already in use, you can open a specific port with the following command:
# firewall-cmd --zone=zone_name --add-port=port/protocol
# firewall-cmd --zone=zone_name --add-port=port/protocol --permanent
For example:
# firewall-cmd --zone=public --add-port=5667/tcp
# firewall-cmd --zone=public --add-port=5667/tcp --permanent

3.1.2. Port Access Requirements

Table 3.1. Open the following ports on all storage servers

Connection sourceTCP PortsUDP PortsRecommended forUsed for
Any authorized network entity with a valid SSH key22-All configurationsRemote backup using geo-replication
Any authorized network entity; be cautious not to clash with other RPC services.111111All configurationsRPC port mapper and RPC bind
Any authorized SMB/CIFS client139 and 445137 and 138Sharing storage using SMB/CIFSSMB/CIFS protocol
Any authorized NFS clients20492049Sharing storage using Gluster NFS or NFS-GaneshaExports using NFS protocol
All servers in the Samba-CTDB cluster4379-Sharing storage using SMB and Gluster NFSCTDB
Any authorized network entity24007-All configurationsManagement processes using glusterd
Any authorized network entity24009-All configurationsGluster events daemon
NFSv3 clients662662Sharing storage using NFS-Ganesha and Gluster NFSstatd
NFSv3 clients3280332803Sharing storage using NFS-Ganesha and Gluster NFSNLM protocol
NFSv3 clients sending mount requests-32769Sharing storage using Gluster NFSGluster NFS MOUNT protocol
NFSv3 clients sending mount requests2004820048Sharing storage using NFS-GaneshaNFS-Ganesha MOUNT protocol
NFS clients875875Sharing storage using NFS-GaneshaNFS-Ganesha RQUOTA protocol (fetching quota information)
Servers in pacemaker/corosync cluster2224-Sharing storage using NFS-Ganeshapcsd
Servers in pacemaker/corosync cluster3121-Sharing storage using NFS-Ganeshapacemaker_remote
Servers in pacemaker/corosync cluster-5404 and 5405Sharing storage using NFS-Ganeshacorosync
Servers in pacemaker/corosync cluster21064-Sharing storage using NFS-Ganeshadlm
Any authorized network entity49152 - 49664-All configurationsBrick communication ports. The total number of ports required depends on the number of bricks on the node. One port is required for each brick on the machine.

Table 3.2. Open the following ports on NFS-Ganesha and Gluster NFS storage clients

Connection sourceTCP PortsUDP PortsRecommended forUsed for
NFSv3 servers662662Sharing storage using NFS-Ganesha and Gluster NFSstatd
NFSv3 servers3280332803Sharing storage using NFS-Ganesha and Gluster NFSNLM protocol