HP XC System Software Administration Guide Version 2.1

Table 8-2: Open Internal Ports in the Firewall

Port            Service   Protocol   Use
22              ssh       tcp        Secure user logins and file transfers
25              smtp      tcp        Mail server
69              tftp      udp        Trivial transfer protocol
111             sunrpc    udp/tcp    RPC-based code
123             ntp       udp/tcp    Network Time Protocol
443             https     tcp        Secure Hypertext Transfer Protocol
514             syslog    tcp        System logger
873             rsync     tcp        rsync utility
1024 to 65535   various   tcp/udp    Required for SLURM and LSF-HPC

The default setup has all other ports on all internal interfaces restricted. For the security of your
system, it is recommended that you leave these firewall settings at their default settings. If you
need to add a service that requires you to open any of the restricted ports, see Section 8.2.1 or
Section 8.2.2.
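
The following is an added example, not part of the HP guide: a shell function that classifies a node's listening sockets against Table 8-2, so you can see which services the default firewall already passes on internal interfaces and which would need a port opened. It assumes input in the format printed by `ss -H -tuln`; the function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Classify listening sockets against Table 8-2 (default open internal ports).
#   open-named  protocol/port is listed by name in Table 8-2
#   open-range  port falls in the 1024 to 65535 range opened for SLURM and
#               LSF-HPC, so any internal node can reach the listener
#   restricted  not in Table 8-2; blocked by default on internal interfaces

classify_listeners() {
    awk '
    BEGIN {
        # Named entries from Table 8-2, one protocol/port pair each.
        n = split("tcp/22 tcp/25 udp/69 tcp/111 udp/111 tcp/123 udp/123 " \
                  "tcp/443 tcp/514 tcp/873", t, " ")
        for (i = 1; i <= n; i++) named[t[i]] = 1
    }
    $1 == "tcp" || $1 == "udp" {
        # Field 5 is Local Address:Port; the port follows the last colon,
        # which also handles IPv6 forms such as [::]:6817.
        k = split($5, a, ":")
        port = a[k] + 0
        key = $1 "/" port
        if (key in named)
            verdict = "open-named"
        else if (port >= 1024 && port <= 65535)
            verdict = "open-range"
        else
            verdict = "restricted"
        print verdict, key
    }'
}

# Constructed sample input (not captured from a real node).
sample_listeners() {
    cat <<'EOF'
tcp   LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:69    0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:23    0.0.0.0:*
tcp   LISTEN 0 128 [::]:6817     [::]:*
udp   UNCONN 0 0   0.0.0.0:514   0.0.0.0:*
EOF
}

sample_listeners | classify_listeners
```

On a live node, pipe `ss -H -tuln` into `classify_listeners` instead of the sample. Note that Table 8-2 lists syslog on tcp only, so the udp listener on port 514 in the sample is reported as restricted.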
8.2 Opening Ports in the Firewall
________________________ Caution _______________________
Opening an IP port can constitute a breach of security. Use the following
information with care.
You can open a port in the firewall on any node by using the openipport command; however,
that port opening specification is overwritten when the node is reimaged. The exception is
the head node, which, as the golden client, is not reimaged. This command is described in
Section 8.2.1.
Alternatively, you can open an IP port in the firewall globally on all the nodes by updating
a single file; the port remains open after the nodes are reimaged. This is the subject of
Section 8.2.2.
8.2.1 Opening a Temporary Port in the Firewall
The openipport command enables the superuser to open an IP service port in the firewall
given the port number to open, the protocol to be used, and the list of interfaces.
• The port number to open
• The protocol to be used
• The list of interfaces on which the port is to be opened
Typically, you would use the openipport command for each defined interface except the
external interface.
The following example opens port 44 in the firewall for the udp protocol on the Admin,
Interconnect, and loopback interfaces on the current node. The --verbose option
displays error messages, if any.
________________________ Notes ________________________
The commands in the following examples use line continuation with the backslash
character (\) to fit the commands horizontally on the page. You can enter these
commands on one line.