SNO / SSFS network port access / firewall

Robert Leong -

Dedicating certain ports for firewalls helps to secure the IBM Spectrum Scale management GUI.

The following table lists the ports that need to be used to secure GUI.

Port Number

Functions

Protocol

47080

Management GUI

HTTP, localhost only

47443

Management GUI

HTTPS, localhost only

80

Management GUI

IBM Spectrum Scale management API

HTTP

443

Management GUI

IBM Spectrum Scale management API

HTTPS

4444

Management GUI

Localhost only

4739, 9085, and 9084

Performance monitoring collector

N/A

Table 1. Firewall recommendations for GUI

 

From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-spectrum-scale-gui>

 

 

Port usage for BLOCK service

Port Number

Protocol

Service Name

Components that are involved in communication

3260

TCP

BLOCK (iSCSI)

IBM Spectrum Scale protocol node (when the BLOCK service is enabled) listening on this port

Table 3. Recommended port numbers for iSCSI access

 

From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-protocol-access>

 

 

Consolidated list of recommended ports that are used for installation, internal communication, and protocol access

The following table provides a consolidated list of recommended ports and firewall rules.

Function

Dependent network service names

External ports that are used for file and object access

Internal ports that are used for inter-cluster communication

UDP / TCP

Nodes for which the rules are applicable

GPFS (internal communication)

GPFS

N/A

1191 (GPFS)

60000-61000 for tscCmdPortRange

22 for SSH

TCP and UDP

TCP only for 22

GPFS server, NSD server, protocol nodes

SMB

gpfs-smb.service

gpfs-ctdb.service

rpc.statd

445

4379 (CTDB)

TCP

Protocol nodes only

NFS

gpfs.ganesha.nfsd

rpcbind

rpc.statd

2049 (NFS_PORT - required only by NFSV3)

111 (RPC - required only by NFSV3)

32765 (STATD_PORT)

32767 (MNT_PORT - required only by NFSV3)

32768 (RQUOTA_PORT - required by both NFSV3 and NFSV4)

32769 (NLM_PORT - required only by NFSV3)

Note: Make the dynamic ports static with command mmnfs config change .

N/A

TCP and UDP

Protocol nodes only

Table 7. Consolidated list of recommended ports for different functions

 

From <https://www.ibm.com/docs/en/spectrum-scale/5.0.5?topic=firewall-recommendations-protocol-access>

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.