2.2.5. Firewall Configuration

This section documents the firewall requirements of the Red Hat Enterprise Virtualization environment. It covers the ports that need to be opened, the type of traffic each port is used for, and the source of the traffic received on each port, for the:
  • Red Hat Enterprise Virtualization Manager,
  • virtualization hosts, and
  • directory server.
Specific configuration instructions for additional network infrastructure that may exist between these systems are not covered, but the information provided is intended to assist with that task.

2.2.5.1. Red Hat Enterprise Virtualization Manager Firewall Requirements

The Red Hat Enterprise Virtualization Manager requires that a number of ports be opened to allow network traffic through the system's firewall. The rhevm-setup script is able to set the required firewall rules automatically. Where a firewall configuration already exists, this step can be skipped so that the required changes can be integrated manually with the existing firewall script(s).
The firewall configuration documented within this chapter assumes a default configuration. Where you choose alternative values during installation, such as a different HTTP or HTTPS port, adjust the firewall rules to allow the selected port, not the default listed here.

Table 2.1. Red Hat Enterprise Virtualization Manager Firewall Requirements

Port(s): 22
Protocol: TCP
Source:
  • System(s) used for maintenance of the manager including backend configuration, and software upgrades.
Destination:
  • Red Hat Enterprise Virtualization Manager
Purpose: SSH (optional)

Port(s): 8080, 8443
Protocol: TCP
Source:
  • Administration Portal clients
  • User Portal clients
  • Red Hat Enterprise Virtualization Hypervisor(s)
  • Red Hat Enterprise Linux host(s)
  • REST API clients
Destination:
  • Red Hat Enterprise Virtualization Manager
Purpose: Provides HTTP and HTTPS access to the manager.

Important — Additional Ports Required to Export Storage

Where the Red Hat Enterprise Virtualization Manager is also to export NFS storage, such as an ISO Domain, then additional ports must be allowed through the firewall. The ports used for NFS, which need to be exposed to the Red Hat Enterprise Linux Hosts and Red Hat Enterprise Virtualization Hypervisors, are listed in the /etc/sysconfig/nfs file:
$ cat /etc/sysconfig/nfs
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
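
One way to turn the file above into firewall rules restricted to the hosts and hypervisors, as an added example that is not part of the original documentation or of rhevm-setup. The function name nfs_rules, the INPUT chain and the 192.0.2.0/24 source network are assumptions chosen for illustration.

```shell
#!/bin/sh
# nfs_rules FILE SOURCE: print iptables INPUT rules for the NFS helper ports
# set in an /etc/sysconfig/nfs style FILE, limited to the SOURCE network.
# The file is parsed as text rather than sourced, so nothing in it executes.
nfs_rules() {
    conf=$1; src=$2
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case $key in
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            MOUNTD_PORT|RQUOTAD_PORT|STATD_PORT) protos="tcp udp" ;;
            # STATD_OUTGOING_PORT is the source port of outbound statd traffic,
            # so it gets no inbound rule. Commented-out keys never match.
            *) continue ;;
        esac
        val=${val%%#*}                                # drop trailing comment
        val=$(printf '%s' "$val" | tr -d "\"' \t")    # drop quotes and blanks
        case $val in                                  # digits only, 5 at most
            ''|*[!0-9]*|??????*) echo "skip $key: bad port" >&2; continue ;;
        esac
        [ "$val" -ge 1 ] && [ "$val" -le 65535 ] || continue
        for p in $protos; do
            echo "-A INPUT -s $src -p $p --dport $val -j ACCEPT"
        done
    done < "$conf"
}

# Constructed sample: the values shown above plus a comment line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not a real host's file
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
RQUOTAD_PORT=875
STATD_PORT=662
STATD_OUTGOING_PORT=2020
EOF
# 192.0.2.0/24 is a placeholder for the network the hosts sit on.
nfs_rules "$sample" 192.0.2.0/24
```

The output is in the rule format used by /etc/sysconfig/iptables and is only printed, not applied. The NFS service port (2049) and the portmapper (111) are not set in this file, so the output does not include them.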