HP-UX IPFilter Version A.03.05.14 Administrator's Guide
HP-UX IPFilter and Serviceguard
Using HP-UX IPFilter with Serviceguard
Chapter 10
In the previous set of rules, <clusternodes> are all nodes in the cluster, <remote node name> is the specific remote node, and <remotenodes> are all other nodes outside the cluster that are designated in the cmclnodelist file for remote command access.
Running the cmscancl command requires the “shell” port be open.
Cluster Object Manager
If you are using a Cluster Object Manager (COM) on a node outside of the cluster to provide connections to Serviceguard Manager clients, each node in the cluster must have the following rules configured:
pass in quick proto tcp from <comnode> to <clusternodes> port = 5302 flags S keep state
pass in quick proto udp from <comnode> to <clusternodes> port = 5302 keep state
pass out quick proto tcp from <clusternodes> to <comnode> port 49151 >< 65536 keep state
pass out quick proto udp from <clusternodes> to <comnode> port 49151 >< 65536 keep state
The node running COM must have the following rules configured:
pass in quick proto tcp from <comclient> to <comnode> port = 5303 flags S keep state
pass in quick proto tcp from <clusternodes> to <comnode> port 49151 >< 65536 keep state
pass in quick proto udp from <clusternodes> to <comnode> port 49151 >< 65536 keep state
pass out quick proto tcp from <comnode> to <clusternodes> port = 5302 flags S keep state
pass out quick proto udp from <comnode> to <clusternodes> port = 5302 keep state
Each COM client must have the following rules configured:
pass out quick proto tcp from <comclient> to <comnode> port = 5303 flags S keep state
In the previous set of rules, <clusternodes> are all nodes in the cluster, <comclient> are nodes that are clients of COM for Serviceguard Manager or Continental Clusters products, and <comnode> is the node running the COM.
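
The COM rule sets above use placeholders that each stand for one or more hosts. The following added example (not part of the HP guide) expands the three rule sets into one concrete rule per source/destination address pair and rejects anything that is not a valid IP address. The role names, the expand() helper, and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import ipaddress
from itertools import product

REPLY_PORTS = "port 49151 >< 65536"  # port range exactly as written in the guide

# (direction, protocol, source placeholder, destination placeholder, match)
# One list per host role, transcribed from the guide's three COM rule sets.
TEMPLATES = {
    "cluster": [  # each node in the cluster
        ("in", "tcp", "com", "cluster", "port = 5302 flags S"),
        ("in", "udp", "com", "cluster", "port = 5302"),
        ("out", "tcp", "cluster", "com", REPLY_PORTS),
        ("out", "udp", "cluster", "com", REPLY_PORTS),
    ],
    "com": [  # the node running COM
        ("in", "tcp", "client", "com", "port = 5303 flags S"),
        ("in", "tcp", "cluster", "com", REPLY_PORTS),
        ("in", "udp", "cluster", "com", REPLY_PORTS),
        ("out", "tcp", "com", "cluster", "port = 5302 flags S"),
        ("out", "udp", "com", "cluster", "port = 5302"),
    ],
    "client": [  # each COM client
        ("out", "tcp", "client", "com", "port = 5303 flags S"),
    ],
}

# Constructed sample addresses (documentation range), not from the guide.
HOSTS = {
    "cluster": ["192.0.2.11", "192.0.2.12"],  # <clusternodes>
    "com": ["192.0.2.20"],                    # <comnode>
    "client": ["192.0.2.30", "192.0.2.31"],   # <comclient>
}

def expand(role, hosts):
    """Return the rule lines for one role, one line per address pair."""
    for addrs in hosts.values():
        for addr in addrs:
            ipaddress.ip_address(addr)  # raises ValueError on a typo
    lines = []
    for direction, proto, src, dst, match in TEMPLATES[role]:
        for s, d in product(hosts[src], hosts[dst]):
            lines.append(f"pass {direction} quick proto {proto} "
                         f"from {s} to {d} {match} keep state")
    return lines

if __name__ == "__main__":
    for role in TEMPLATES:
        print(f"# rules for role: {role}")
        print("\n".join(expand(role, HOSTS)))
```
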