HP XC System Software Administration Guide Version 3.0

The following example opens port 44 in the firewall for the udp protocol on the Admin, Interconnect,
and loopback interfaces on the current node. The --verbose option displays error messages, if any.
Notes
The commands in the following examples use line continuation with the backslash character (\) to fit the
commands horizontally on the page. You can enter these commands on one line.
The list of interfaces specified by the --interface option must not contain any space characters.
# openipport --port 44 --protocol udp \
--interface Admin,Interconnect,lo --verbose
The following example also opens port 44 in the firewall on node n3; this example uses the same protocol
and interface options as the previous example. The cexec command updates node n3 and ensures that a
log file records this command.
# cexec -w n3 "openipport --port 44 --protocol udp \
--interface Admin,Interconnect,lo --verbose"
On every node except the head node, the effect of this command is overwritten when the node is reimaged.
Opening an IP Port in the Firewall Persistently
The /etc/sysconfig/iptables.proto file was developed so that IP port openings in the firewall persist
after node reimaging.
During the operation of the nconfig command on each node, the /etc/sysconfig/iptables.proto
file on the head node is used to generate the /etc/sysconfig/iptables file for each node in the HP
XC system.
The form of the iptables.proto file is similar to the /etc/sysconfig/iptables file, with the notable
difference that the following mnemonics are used to represent the interface names:
External (external network — Ethernet)
Admin (administration network)
Interconnect (system interconnect)
lo (loopback)
These interface names, which are introduced with the -i option, resolve automatically to the device name
during the operation of the nconfig command on each node.
The following procedure updates the iptables.proto file to open port 389 using the tcp protocol on
the Interconnect and Administrative interfaces:
1. Log in as superuser on the head node.
2. Use the text editor of your choice to add the following lines to the /etc/sysconfig/iptables.proto
file:
Notes
For clarity, the mnemonics for the interface are shown in bold and the noncomment lines span two
lines. Noncomment lines each must take only one line in the iptables.proto file.
These lines must be placed before the following line:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# set up port 389 on Interconnect interface:
-A RH-Firewall-1-INPUT -i Interconnect -p tcp -m tcp
    --dport 389 -j ACCEPT
# set up port 389 on Admin interface:
-A RH-Firewall-1-INPUT -i Admin -p tcp -m tcp
    --dport 389 -j ACCEPT
This portion of the /etc/sysconfig/iptables.proto file should resemble the following:
Opening Ports in the Firewall 93
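Added example, not part of the HP XC guide or its software: a read-only check of an iptables.proto file against the constraints in step 2 (each rule on one line, interface mnemonics after -i, rules placed before the REJECT line). The function names and both sample fragments are constructed for illustration, and the check assumes that only the four mnemonics listed earlier are valid after -i.

```shell
#!/bin/sh
# Added example: read-only lint for iptables.proto (not an HP XC tool).
REJECT_RULE='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# lint_proto [FILE]: prints "line: finding", exits 1 if anything was found.
lint_proto() {
    awk -v reject="$REJECT_RULE" '
        # Assumption: only the four mnemonics listed in the guide may follow -i.
        BEGIN { n = split("External Admin Interconnect lo", m, " ")
                for (k = 1; k <= n; k++) ok[m[k]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { sub(/[ \t]+$/, "") }                  # ignore trailing whitespace
        # A rule wrapped onto a second line leaves a fragment starting with "--".
        /^[ \t]*--/ { print NR ": wrapped rule fragment"; bad = 1; next }
        $0 == reject { reject_at = NR; next }
        /^-A RH-Firewall-1-INPUT / {
            # Anything after the catch-all REJECT is never evaluated.
            if (reject_at) { print NR ": rule after REJECT (line " reject_at ")"; bad = 1 }
            for (i = 1; i < NF; i++)
                if ($i == "-i" && !($(i + 1) in ok)) {
                    print NR ": unknown interface mnemonic " $(i + 1); bad = 1 }
        }
        END { if (!reject_at) { print "0: REJECT rule not found"; bad = 1 }
              exit bad + 0 }
    ' "$@"
}

sample_bad() {    # constructed fragment with three mistakes
    cat <<'EOF'
# set up port 389 on Interconnect interface (rule wrapped by mistake):
-A RH-Firewall-1-INPUT -i Interconnect -p tcp -m tcp
--dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -i admin -p tcp -m tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i Admin -p udp -m udp --dport 44 -j ACCEPT
EOF
}

sample_good() {   # constructed fragment that follows the procedure
    cat <<'EOF'
-A RH-Firewall-1-INPUT -i Interconnect -p tcp -m tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -i Admin -p tcp -m tcp --dport 389 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# With a file argument, lint that file; otherwise lint the constructed sample.
if [ $# -gt 0 ]; then lint_proto "$@"; else sample_bad | lint_proto || true; fi
```

Passing /etc/sysconfig/iptables.proto as the argument on the head node checks the real file before nconfig generates the per-node iptables files; the script never writes to it.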