HP Serviceguard for Linux Version A.11.18 Release Notes, 2nd Edition, March 2009
• hacl-gs 5301/TCP HA Cluster General Services
• hacl-cfg 5302/TCP HA Cluster TCP configuration
• hacl-cfg 5302/UDP HA Cluster UDP configuration
• hacl-probe 5303/TCP HA Cluster TCP probe
• hacl-probe 5303/UDP HA Cluster UDP probe
• hacl-local 5304/TCP HA Cluster commands
• hacl-test 5305/TCP HA Cluster test
The ports reserved for authentication are also used by Serviceguard:
• auth 113/TCP authentication
• auth 113/UDP authentication
In addition, Serviceguard also uses dynamic ports (typically in the range 49152-65535)
for some cluster services. If you have adjusted the dynamic port range using kernel
tunable parameters alter your rules accordingly.
To determine the range on Linux use the following command:
cat /proc/sys/net/ipv4/ip_local_port_range
System Firewalls
When using a system firewall with Serviceguard for Linux, you must leave open the
ports listed above, and allow specific communications as outlined below:
• To enable intra-cluster communications, each HEARTBEAT_IP network on every
node within the cluster must allow the following communications in both directions
with all other nodes in the cluster:
— TCP on port numbers 5300-5304, and 5408 - and allow only packets with the
SYN flag
— UDP on port numbers 9, 5300, and 5302
— TCP and UDP on dynamic ports (typically 49152-65535)
• If your Serviceguard configuration uses a quorum server, all nodes in the cluster
must allow the following communication to the quorum server IP address:
— TCP on port 1238 - and allow only packets with the SYN flag
Any node providing quorum service for another cluster must allow the following
communication from that cluster’s nodes:
— TCP on port 1238 - and allow only packets with the SYN flag
• Running the cmscanclcommand requires the shell port be open.
There are additional firewall requirements to enable execution of Serviceguard
commands from nodes outside the cluster, such as those listed in cmclnodelist. To
allow execution of Serviceguard commands, follow the guidelines below.
Compatibility Information and Installation Requirements 51