GlusterFS firewall rules
If you can, place your storage servers in a secure zone of your network, which removes the need to firewall each machine. Packet inspection adds overhead that a high-performance file server does not need, so you should not run a file server in an insecure zone. If you are running GlusterFS behind a firewall, you will need to allow several ports so that GlusterFS can communicate with clients and other servers. The following ports are all TCP:
Note: the brick ports have changed since version 3.4.
- 24007 – Gluster Daemon
- 24008 – Management
- 24009 and greater (GlusterFS versions less than 3.4) OR
- 49152 (GlusterFS versions 3.4 and later) – Each brick for every volume on your host requires its own port. For every new brick, one new port will be used, starting at 24009 for GlusterFS versions below 3.4 and 49152 for version 3.4 and above. If you have one volume with two bricks, you will need to open 24009 – 24010 (or 49152 – 49153).
- 38465 – 38467 – these are required if you use the Gluster NFS service.
The following ports are TCP and UDP:
- 111 – portmapper
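
The port list above, turned into iptables rules for a given GlusterFS version and brick count. This is an added example, not part of the original how-to: the function names, the choice to print the rules instead of applying them, and the restriction to a trusted source subnet (192.0.2.0/24 is a documentation range) are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for the ports listed above.
# Function names and the source-subnet restriction are assumptions.

# gluster_brick_base VERSION -> first brick port for that GlusterFS version
gluster_brick_base() {
    major=${1%%.*}
    case "$1" in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    # Brick ports start at 49152 from 3.4 onward, at 24009 before that.
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 4 ]; }; then
        echo 49152
    else
        echo 24009
    fi
}

# gluster_rules VERSION BRICKS NFS(yes|no) SOURCE_CIDR
gluster_rules() {
    ver=$1 bricks=$2 nfs=$3 src=$4
    case "$bricks" in
        ''|*[!0-9]*|0) echo "brick count must be a positive integer" >&2; return 1 ;;
    esac
    base=$(gluster_brick_base "$ver")
    last=$((base + bricks - 1))          # one port per brick, counted from base
    echo "iptables -A INPUT -p tcp -s $src --dport 24007:24008 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $src --dport $base:$last -j ACCEPT"
    if [ "$nfs" = yes ]; then            # only when the Gluster NFS service is used
        echo "iptables -A INPUT -p tcp -s $src --dport 38465:38467 -j ACCEPT"
    fi
    for proto in tcp udp; do             # portmapper needs both protocols
        echo "iptables -A INPUT -p $proto -s $src --dport 111 -j ACCEPT"
    done
}

# Constructed sample: GlusterFS 3.4, one volume with two bricks, Gluster NFS in use.
gluster_rules 3.4 2 yes 192.0.2.0/24
```

Review the printed rules before loading them, and recompute the brick range whenever a brick is added, since each new brick takes the next port.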