Incorporating External NICs HowTo
--extnetwork external1 \
--ip 192.0.2.2 \
--name station2.example.com \
--netmask 255.255.248.0 \
--gw 192.0.2.100 \
--iftype Ethernet \
00:00:00:00:00:02
NOTE: The options and arguments are displayed on separate lines for clarity.
The following variables were used in this example:
  nn    Is the first octet of the IP address and gateway IP address.
  dd    Is the last portion of the MAC address.
3. Examine the command output.
4. If the command output is correct, run the command again, but without the --dryrun option.
For example:
# /opt/hptc/config/sbin/device_config \
--type E --host n19 \
--extnetwork external1 \
--ip 192.0.2.2 \
--name station2.example.com \
--netmask 255.255.248.0 \
--gw 192.0.2.100 \
--iftype Ethernet \
00:00:00:00:00:02
4.4 Update the Firewall Custom Configuration
It may be necessary to update the configuration of the IP firewall on the HP XC system. The
information in this section may not be needed in all cases.
By default, the virtual IP ports 22 (ssh) and 443 (https) are open on all physical external Ethernet
ports per node. The prototype files for configuring these ports are capable of configuring up to
five external Ethernet ports. You can easily edit the /etc/sysconfig/iptables.proto file
to extend the port configuration.
If a service is not aware of the external physical Ethernet port, it will not be able to communicate
through its corresponding virtual ports unless you custom configure the firewall.
As shipped, the firewall prototype file, /etc/sysconfig/iptables.proto, contains these
lines to configure the firewall:
-A RH-Firewall-1-INPUT -i External -p tcp -m tcp --dport 22 -j ACCEPT      (1)
-A RH-Firewall-1-INPUT -i External -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i External1 -p tcp -m tcp --dport 22 -j ACCEPT     (2)
-A RH-Firewall-1-INPUT -i External1 -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i External2 -p tcp -m tcp --dport 22 -j ACCEPT     (3)
-A RH-Firewall-1-INPUT -i External2 -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i External3 -p tcp -m tcp --dport 22 -j ACCEPT     (4)
-A RH-Firewall-1-INPUT -i External3 -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i External4 -p tcp -m tcp --dport 22 -j ACCEPT     (5)
-A RH-Firewall-1-INPUT -i External4 -p tcp -m tcp --dport 443 -j ACCEPT
(1) This line opens virtual port 22 for TCP on the first (non-added) physical external Ethernet
    port, External. The subsequent line performs the same function for virtual port 443.
(2) This line opens virtual port 22 for TCP on the first additional physical external Ethernet port,
    External1. The subsequent line performs the same function for virtual port 443.
(3) This line opens virtual port 22 for TCP on the second additional physical external Ethernet
    port, External2. The subsequent line performs the same function for virtual port 443.
(4) This line opens virtual port 22 for TCP on the third additional physical external Ethernet
    port, External3. The subsequent line performs the same function for virtual port 443.
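
After the prototype file has been customized, the rules on the external interfaces can be compared against the shipped baseline (TCP ports 22 and 443). The following script is an added example, not part of the HP XC software; the function names, the status words, and the port 8080 rule in the sample are constructed for illustration, and it assumes rules keep the layout shown above.

```shell
#!/bin/sh
# Added example: audit ACCEPT rules on External* interfaces in an
# iptables.proto-style file against the shipped baseline (tcp 22 and 443).
# audit_proto FILE prints "<interface> <port> <status>" per finding:
#   ok      = baseline port is open on the interface
#   missing = the interface has rules but lacks a baseline port
#   extra   = a non-baseline port is open (a custom rule to review)
audit_proto() {
    awk '
    $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
        iface = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i")      iface  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # Only ACCEPT rules on External, External1, ... are audited.
        if (target != "ACCEPT" || iface !~ /^External[0-9]*$/ || port == "")
            next
        seen[iface] = 1
        open[iface, port] = 1
        if (port != "22" && port != "443")
            print iface, port, "extra"
    }
    END {
        n = split("22 443", base, " ")   # baseline ports stated on this page
        for (iface in seen) {
            for (k = 1; k <= n; k++) {
                status = ((iface, base[k]) in open) ? "ok" : "missing"
                print iface, base[k], status
            }
        }
    }' "$1" | LC_ALL=C sort
}

# Constructed sample: External1 lacks port 443 and opens port 8080.
sample_proto() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -i External -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i External -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -i External1 -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i External1 -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
}

# Demonstration run on the constructed sample.
tmp=$(mktemp); sample_proto > "$tmp"; audit_proto "$tmp"; rm -f "$tmp"
```

To audit the real file, call audit_proto /etc/sysconfig/iptables.proto and review every line reported as extra or missing.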