Difference between revisions of "OpenHPC: Configure Firewalld"

From Define Wiki
Line 2: Line 2:
  
 
<syntaxhighlight>
 
<syntaxhighlight>
firewall-cmd --zone=external --add-interface=eno2 --permanent
+
firewall-cmd --zone=external --add-interface=enp1s0f1 --permanent
firewall-cmd --zone=internal --add-interface=eno1 --permanent
+
firewall-cmd --zone=internal --add-interface=enp1s0f0 --permanent
  
 
firewall-cmd --zone=external --add-masquerade --permanent
 
firewall-cmd --zone=external --add-masquerade --permanent
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eno2 -j MASQUERADE -s 10.10.10.0/24
+
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o enp1s0f1 -j MASQUERADE
 
firewall-cmd --permanent --zone=internal --add-service=dhcp
 
firewall-cmd --permanent --zone=internal --add-service=dhcp
 
firewall-cmd --permanent --zone=internal --add-service=tftp
 
firewall-cmd --permanent --zone=internal --add-service=tftp
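Review bot: the replacement POSTROUTING passthrough drops the `-s 10.10.10.0/24` match the old line carried, so it now masquerades everything leaving enp1s0f1 rather than only traffic sourced from the 10.10.10.0/24 internal subnet. Either keep a source match for the internal network on the new rule, or drop the passthrough and rely on the `--add-masquerade` already applied to the external zone on the line above, since the two now overlap. The interface renames (eno2 to enp1s0f1, eno1 to enp1s0f0) are host-specific, so a short note telling readers to substitute their own external and internal interface names would help.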

Revision as of 14:14, 9 March 2016

Configuring Firewalld to forward traffic between Internal and External Interfaces

firewall-cmd --zone=external --add-interface=enp1s0f1 --permanent
firewall-cmd --zone=internal --add-interface=enp1s0f0 --permanent

firewall-cmd --zone=external --add-masquerade --permanent
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o enp1s0f1 -j MASQUERADE
firewall-cmd --permanent --zone=internal --add-service=dhcp
firewall-cmd --permanent --zone=internal --add-service=tftp
firewall-cmd --permanent --zone=internal --add-service=dns
firewall-cmd --permanent --zone=internal --add-service=http
firewall-cmd --permanent --zone=internal --add-service=nfs
firewall-cmd --permanent --zone=internal --add-service=ssh
firewall-cmd --permanent --zone=internal --add-service=mountd
firewall-cmd --permanent --zone=internal --add-service=rpc-bind
firewall-cmd --complete-reload
firewall-cmd --list-all-zones

Add ports to the internal firewall to allow functionality such as SLURM, NFS and Ganglia

firewall-cmd --permanent --zone=internal --add-port=6817/tcp
firewall-cmd --permanent --zone=internal --add-port=6817/udp
firewall-cmd --permanent --zone=internal --add-port=6818/tcp
firewall-cmd --permanent --zone=internal --add-port=6818/udp
firewall-cmd --permanent --zone=external --add-service=http
firewall-cmd --permanent --zone=external --add-service=https
firewall-cmd --permanent --zone=internal --add-port=8660/tcp
firewall-cmd --permanent --zone=internal --add-port=8661/tcp
firewall-cmd --permanent --zone=internal --add-port=8662/tcp
firewall-cmd --permanent --zone=internal --add-port=8663/tcp
firewall-cmd --permanent --zone=internal --add-port=8660/udp
firewall-cmd --permanent --zone=internal --add-port=8661/udp
firewall-cmd --permanent --zone=internal --add-port=8662/udp
firewall-cmd --permanent --zone=internal --add-port=8663/udp
firewall-cmd --permanent --zone=internal --add-port=8651/udp
firewall-cmd --permanent --zone=internal --add-port=8651/tcp
systemctl restart firewalld
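
An added example, not part of the original wiki page: a POSIX shell check that parses `firewall-cmd --list-all-zones` output and confirms the zone layout configured above (masquerading on the external zone, provisioning and file services only on the internal zone). The SAMPLE text is constructed, and the function names zone_field and audit_zones are hypothetical; on a live head node, pipe the real command output into audit_zones instead.

```shell
# Added example: audit `firewall-cmd --list-all-zones` output against the
# layout this page configures. SAMPLE is constructed, not captured output.
SAMPLE='external (active)
  interfaces: enp1s0f1
  services: http https ssh
  ports: 
  masquerade: yes

internal (active)
  interfaces: enp1s0f0
  services: dhcp dns http mountd nfs rpc-bind ssh tftp
  ports: 6817/tcp 6817/udp 6818/tcp 6818/udp 8651/tcp 8651/udp
  masquerade: no
'

# zone_field ZONE FIELD: print the value of FIELD inside ZONE's block (stdin).
zone_field() {
    awk -v zone="$1" -v field="$2" '
        /^[^ \t]/ { cur = $1 }              # unindented line starts a zone block
        cur == zone && $1 == (field ":") {  # indented "field: v1 v2 ..."
            sub(/^[ \t]*[^:]*:[ \t]*/, ""); print; exit
        }'
}

# audit_zones: read list-all-zones output on stdin, print findings,
# return non-zero if any check fails.
audit_zones() {
    out=$(cat); rc=0
    [ "$(printf '%s\n' "$out" | zone_field external masquerade)" = "yes" ] ||
        { echo "FAIL: external zone is not masquerading"; rc=1; }
    [ "$(printf '%s\n' "$out" | zone_field external interfaces)" = "enp1s0f1" ] ||
        { echo "FAIL: enp1s0f1 is not in the external zone"; rc=1; }
    # The page adds these services to the internal zone only.
    ext=" $(printf '%s\n' "$out" | zone_field external services) "
    for svc in dhcp tftp nfs mountd rpc-bind; do
        case "$ext" in *" $svc "*)
            echo "FAIL: $svc exposed on external zone"; rc=1 ;;
        esac
    done
    int=" $(printf '%s\n' "$out" | zone_field internal services) "
    for svc in dhcp tftp dns http nfs ssh mountd rpc-bind; do
        case "$int" in *" $svc "*) ;; *)
            echo "FAIL: $svc missing from internal zone"; rc=1 ;;
        esac
    done
    return $rc
}

printf '%s' "$SAMPLE" | audit_zones && echo "zone layout matches"
```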