HP XC System Software Administration Guide Version 2.1

The list of interfaces specified by the --interface option must not contain
any space characters.
# openipport --port 44 --protocol udp \
--interface Admin,Interconnect,lo --verbose
The following example also opens port 44 in the firewall on node n3; this example uses the
same protocol and interface options as the previous example. The cexec command is used to
update node n3 and ensure that a log file records this command.
# cexec -w n3 "openipport --port 44 --protocol udp \
--interface Admin,Interconnect,lo --verbose"
Except for the head node, the effect of this command is overwritten when the nodes are
reimaged.
8.2.2 Opening an IP Port in the Firewall Persistently
The /etc/sysconfig/iptables.proto file was developed so that IP port openings
in the firewall persist after node reimaging.
During the operation of the nconfig command on each node, the
/etc/sysconfig/iptables.proto file on the head node is used to generate the
/etc/sysconfig/iptables file for each node in the HP XC system.
The form of the iptables.proto file is similar to the /etc/sysconfig/iptables
file with the notable difference that the following mnemonics are used to represent the interface
names:
External (external network Ethernet)
Admin (administration network)
Interconnect (system interconnect)
lo (Loopback)
These interface names, which are introduced with the -i option, are resolved automatically to
the device name during the operation of the nconfig command on each node.
The following procedure updates the iptables.proto file to open port 389 using the tcp
protocol on the external and administrative interfaces:
1. Log in as superuser on the head node.
2. Use the text editor of your choice to add the following lines to the
/etc/sysconfig/iptables.proto file:
______________________ Notes ______________________
For clarity, the mnemonics for the interface are shown in bold and the
noncomment lines span two lines. Noncomment lines each must take only one
line in the iptables.proto file.
These lines must be placed before the following line:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# set up port 389 on Interconnect interface:
-A RH-Firewall-1-INPUT -i Interconnect -p tcp -m tcp
--dport 389 -j ACCEPT
# setup port 389 on admin interface
-A RH-Firewall-1-INPUT -i Admin -p tcp -m tcp
--dport 389 -j ACCEPT
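The following Python check is an added example, not part of the HP XC software or of the original guide. It reads iptables.proto content and reports the three mistakes the notes above warn about: a rule split across lines, an interface name that is not one of the four mnemonics, and an ACCEPT rule placed after the REJECT line. The function name lint_proto and the sample input are hypothetical, and treating any non-mnemonic interface name as a finding is an assumption.

```python
import re

# The four interface mnemonics the guide lists for iptables.proto.
MNEMONICS = {"External", "Admin", "Interconnect", "lo"}
REJECT = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"

def lint_proto(text):
    """Return (line_number, message) findings for iptables.proto content."""
    findings, reject_at = [], None
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == REJECT:
            reject_at = reject_at or num
        elif line.startswith("--"):
            # A line that begins with an option is the tail of a wrapped rule.
            findings.append((num, "rule is split across lines"))
        elif line.startswith("-A RH-Firewall-1-INPUT"):
            m = re.search(r"\s-i\s+(\S+)", line)
            if m and m.group(1) not in MNEMONICS:
                findings.append((num, "interface %r is not a mnemonic" % m.group(1)))
            if "-j ACCEPT" in line and reject_at:
                # The REJECT rule matches everything, so this is never reached.
                findings.append((num, "ACCEPT rule is after the REJECT line"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# set up port 389
-A RH-Firewall-1-INPUT -i Interconnect -p tcp -m tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -i Admin -p tcp -m tcp
--dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i External -p tcp -m tcp --dport 389 -j ACCEPT
"""

if __name__ == "__main__":
    for num, message in lint_proto(SAMPLE):
        print("line %d: %s" % (num, message))
```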