Dedicating certain ports for firewalls helps to secure the IBM Spectrum Scale management GUI.
The following table lists the ports that need to be used to secure GUI.
Port Number |
Functions |
Protocol |
47080 |
Management GUI |
HTTP, localhost only |
47443 |
Management GUI |
HTTPS, localhost only |
80 |
Management GUI IBM Spectrum Scale management API |
HTTP |
443 |
Management GUI IBM Spectrum Scale management API |
HTTPS |
4444 |
Management GUI |
Localhost only |
4739, 9085, and 9084 |
Performance monitoring collector |
N/A |
Table 1. Firewall recommendations for GUI
From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-spectrum-scale-gui>
Port usage for BLOCK service
Port Number |
Protocol |
Service Name |
Components that are involved in communication |
3260 |
TCP |
BLOCK (iSCSI) |
IBM Spectrum Scale protocol node (when the BLOCK service is enabled) listening on this port |
Table 3. Recommended port numbers for iSCSI access
From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-protocol-access>
Consolidated list of recommended ports that are used for installation, internal communication, and protocol access
The following table provides a consolidated list of recommended ports and firewall rules.
Function |
Dependent network service names |
External ports that are used for file and object access |
Internal ports that are used for inter-cluster communication |
UDP / TCP |
Nodes for which the rules are applicable |
GPFS (internal communication) |
GPFS |
N/A |
1191 (GPFS) 60000-61000 for tscCmdPortRange 22 for SSH |
TCP and UDP TCP only for 22 |
GPFS server, NSD server, protocol nodes |
SMB |
gpfs-smb.service gpfs-ctdb.service rpc.statd |
445 |
4379 (CTDB) |
TCP |
Protocol nodes only |
NFS |
gpfs.ganesha.nfsd rpcbind rpc.statd |
2049 (NFS_PORT - required only by NFSV3) 111 (RPC - required only by NFSV3) 32765 (STATD_PORT) 32767 (MNT_PORT - required only by NFSV3) 32768 (RQUOTA_PORT - required by both NFSV3 and NFSV4) 32769 (NLM_PORT - required only by NFSV3) Note: Make the dynamic ports static with command mmnfs config change . |
N/A |
TCP and UDP |
Protocol nodes only |
Table 7. Consolidated list of recommended ports for different functions
From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-protocol-access>
0 Comments