Run firewalld with HAAst

CRM User
Posts: 172
Joined: Sun Nov 27, 2016 3:41 pm

Post by CRM User » Sat Jul 06, 2019 12:04 am

Although my cluster nodes are protected by our perimeter firewall, I would like to use FirewallD on the cluster nodes. However, doing so prevents communications between peers. How do I tell FirewallD to allow traffic between nodes (and from itself for testing)?
Account for questions transferred from CRM system
Telium Support
Posts: 233
Joined: Sun Nov 27, 2016 3:27 pm

Re: Run firewalld with HAAst

Post by Telium Support » Sat Jul 06, 2019 12:12 am

Assuming your nodes are 192.168.0.10 and 192.168.0.11 then issue the following commands on both nodes:

Code:

firewall-cmd --new-zone=haast --permanent
firewall-cmd --reload
firewall-cmd --zone=haast --permanent --add-source=192.168.0.10/32
firewall-cmd --zone=haast --permanent --add-source=192.168.0.11/32
firewall-cmd --zone=haast --permanent --add-port=3001/tcp
firewall-cmd --zone=haast --permanent --add-port=3002/tcp
firewall-cmd --zone=haast --permanent --add-port=873/tcp
firewall-cmd --zone=haast --permanent --add-port=3306/tcp
# Load the permanent rules above into the running firewall
firewall-cmd --reload

If you want to know exactly what the above does, here is a line-by-line description:
  1. Create a new firewall zone called "haast" and make it permanent (survive the next reboot)
  2. Add the local IP address as a trusted source in zone haast
  3. Add the remote IP address as a trusted source in zone haast
  4. Add the port 3001 (HAAst telnet interface) as accessible from the trusted sources
  5. Add the port 3002 (HAAst peerlink interface) as accessible from the trusted sources
  6. Add the port 873 (file sync) as accessible from the trusted sources
  7. Add the port 3306 (mysql sync) as accessible from the trusted sources
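
One way to check the result of the commands in the answer above, as an added example that is not part of the original thread or of HAAst itself: it reads `firewall-cmd --list-all-zones` text and reports peers or ports missing from the haast zone, sources in it that are not cluster peers, and HAAst ports that are also open in another zone. The function names and the sample listing are constructed; the zone name, peer addresses and ports are the ones used in the answer.

```sh
# Added example, not from the thread: audit `firewall-cmd --list-all-zones`
# text against the haast zone. Function names are assumptions.
ZONE="haast"
PEERS="192.168.0.10/32 192.168.0.11/32"
PORTS="3001/tcp 3002/tcp 873/tcp 3306/tcp"

# Reads the listing on stdin, prints one finding per line, returns 1 if any.
# Limitation: port ranges and named services are not expanded.
audit_haast_zone() {
  awk -v zone="$ZONE" -v peers="$PEERS" -v ports="$PORTS" '
    function report(msg) { print msg; bad++ }
    BEGIN {
      np = split(peers, p, " "); for (i = 1; i <= np; i++) want_src[p[i]] = 1
      nq = split(ports, q, " "); for (i = 1; i <= nq; i++) want_port[q[i]] = 1
    }
    /^[^ \t]/ { cur = $1; next }          # zone header, e.g. "haast (active)"
    $1 == "sources:" && cur == zone {
      for (i = 2; i <= NF; i++) {
        have_src[$i] = 1
        if (!($i in want_src)) report("UNEXPECTED source " $i " in zone " zone)
      }
    }
    $1 == "ports:" {
      # A peer-only port opened in another zone is reachable from every
      # source that zone accepts, not only from the cluster peers.
      for (i = 2; i <= NF; i++) {
        if (cur == zone) have_port[$i] = 1
        else if ($i in want_port) report("EXPOSED " $i " open in zone " cur)
      }
    }
    END {
      for (i = 1; i <= np; i++) if (!(p[i] in have_src)) report("MISSING source " p[i])
      for (i = 1; i <= nq; i++) if (!(q[i] in have_port)) report("MISSING port " q[i])
      exit (bad > 0)
    }'
}

# Constructed, abbreviated sample listing with deliberate mistakes.
sample_listing() {
  cat <<'EOF'
haast (active)
  sources: 192.168.0.10/32 192.168.0.0/24
  ports: 3001/tcp 3002/tcp 3306/tcp

public (active)
  interfaces: eth0
  ports: 3306/tcp
EOF
}
sample_listing | audit_haast_zone || true
```

On a cluster node, replace `sample_listing` with `firewall-cmd --list-all-zones` to audit the live configuration.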