HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and Serviceguard
Using HP-UX IPFilter with Serviceguard
Running the cmscancl command requires the “shell” port be open.
Quorum Server

If your Serviceguard configuration uses a Quorum Server, each node in the cluster must have the following rule configured:

pass out quick proto tcp from <clusternodes> to <quorumserver> port = 1238 flags S keep state

Any node providing Quorum Service for another cluster must have the following rule configured:

pass in quick proto tcp from <clusternodes> to <quorumserver> port = 1238 flags S keep state

In the previous set of rules, <clusternodes> are all nodes in the cluster utilizing the Quorum Service and <quorumserver> is the IP address used to access the Serviceguard Quorum Service software.

Remote Command Execution

If you want nodes outside the cluster to execute Serviceguard commands, as specified in the etc/cmcluster/cmclnodelist file, additional rules are required.

Each node in the cluster must have the following rules configured:

pass in quick proto tcp from <remotenodes> to <clusternodes> port = 5302 flags S keep state
pass in quick proto udp from <remotenodes> to <clusternodes> port = 5302 keep state
pass out quick proto tcp from <clusternodes> to <remote node name> port 49151 >< 65536 keep state
pass out quick proto udp from <clusternodes> to <remote node name> port 49151 >< 65536 keep state

Each remote node must have the following rules configured:

pass in quick proto tcp from <clusternodes> to <remote node name> port 49151 >< 65536 keep state
pass in quick proto udp from <clusternodes> to <remote node name> port 49151 >< 65536 keep state
pass out quick proto tcp from <remotenodes> to <clusternodes> port = 5302 flags S keep state
pass out quick proto udp from <remotenodes> to <clusternodes> port = 5302 keep state
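
The Remote Command Execution rules above, expanded for concrete hosts. This is an added example, not part of the HP guide: the addresses are constructed documentation-range values, the function names are hypothetical, and it assumes each placeholder is expanded into one rule per address pair. It also checks that every rule on one side has its in/out mirror on the other side.

```shell
#!/bin/sh
# Constructed sample addresses; replace with your own hosts.
CLUSTER_NODES="192.0.2.11 192.0.2.12"
REMOTE_NODES="198.51.100.21"

# emit_pair DIR SRC DST PORTSPEC
# Prints one TCP and one UDP rule for a single address pair.
# "flags S" is added only to the TCP rule for port 5302, as in the guide.
emit_pair() {
    dir=$1 src=$2 dst=$3 portspec=$4
    case $portspec in
        "= 5302") tcpflags=" flags S" ;;
        *)        tcpflags="" ;;
    esac
    echo "pass $dir quick proto tcp from $src to $dst port $portspec$tcpflags keep state"
    echo "pass $dir quick proto udp from $src to $dst port $portspec keep state"
}

# rules_for ROLE   (ROLE is "cluster" or "remote")
# The ipf operator "><" matches ports strictly between its bounds,
# so "49151 >< 65536" covers 49152 through 65535.
rules_for() {
    role=$1
    for c in $CLUSTER_NODES; do
        for r in $REMOTE_NODES; do
            if [ "$role" = cluster ]; then
                emit_pair in  "$r" "$c" "= 5302"
                emit_pair out "$c" "$r" "49151 >< 65536"
            else
                emit_pair in  "$c" "$r" "49151 >< 65536"
                emit_pair out "$r" "$c" "= 5302"
            fi
        done
    done
}

# sides_match: succeeds when swapping in/out on the cluster-side rules
# yields exactly the remote-side rules, i.e. neither side has a one-way hole.
sides_match() {
    a=$(rules_for cluster | sed -e 's/^pass in /pass OUT /' \
        -e 's/^pass out /pass in /' -e 's/^pass OUT /pass out /' | sort)
    b=$(rules_for remote | sort)
    [ "$a" = "$b" ]
}

echo "# rules for each cluster node"; rules_for cluster
echo "# rules for each remote node";  rules_for remote
sides_match || echo "# WARNING: cluster and remote rule sets do not mirror" >&2
```

Review the generated rules before adding them to the rules file on the matching hosts.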