Fujitsu PRIMEQUEST 500A Series Installation Manual page 242

CHAPTER 4 Work Required After Operating System Installation
4.4.4 Checking the firewall function (releasing ports)
If the ports were not released when the firewall was set up, release the ports required
for PSA operation. Specifically, release the following ports on the management LAN
interfaces that have been set:
• snmp port : udp / snmp or 161
• snmptrap port : udp / snmptrap or 162 (*1) (to the physical IP address of the MMB (both systems))
• web-mmb communication port : tcp / fj-webgate or 24450 (*2) (to the virtual IP address of the MMB)
• rmcp+ port : udp/7000 to 7100 (*1) (to the physical IP address of the MMB (both systems))
• localhost snmp port : udp/1025-65535
• psa-mmb communication port : tcp/MMB side 5000 (*3) (to the virtual IP address of the MMB)
  icmp/icmp-type0, icmp-type8 (to the virtual IP address of the MMB)
*1 Release the port only when a PCL linkage is used.
*2 web-mmb communication port
*3 This is communication for the MMB 5000 port.
Because the partition operates as the client in this communication, the port
number used on the partition side is undefined. (Any number from tcp/1025 to
65535 is selected for one port.)
Moreover, as indicated in the example below, no setting is required for port
number 5000 when connection startup from the partition is enabled, or when
communication is enabled for connections that the partition has already
established.
(Example)
iptables -A OUTPUT -m state --state NEW,ESTABLISH -j ACCEPT
iptables -A INPUT -m state --state ESTABLISH -j ACCEPT
Use the iptables command to check the firewall setting.
Command syntax:
/sbin/iptables -L
Use the iptables command or another command to release the ports. For usage, see
the man page for the command.
Command syntax:
/usr/bin/man iptables
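The following is an added example, not part of the Fujitsu manual: it evaluates `iptables -S` output with first-match semantics and reports which PSA flows from the port list are released on a management interface, including the note *3 case where the two state rules make a port 5000 rule unnecessary. The chain direction of each flow other than psa-mmb, the interface name `eth1`, the probe port 40000 and the sample ruleset are assumptions; address and source-port matches are ignored and user-defined chains are not followed.

```python
import shlex

# PSA flows from the port list: (name, chain, protocol, destination ports, state).
# Chains are assumed except psa-mmb (note *3); 40000 is a constructed reply port.
FLOWS = [
    ("snmp", "INPUT", "udp", [161], "NEW"),
    ("snmptrap", "OUTPUT", "udp", [162], "NEW"),
    ("web-mmb", "OUTPUT", "tcp", [24450], "NEW"),
    ("rmcp+", "OUTPUT", "udp", [7000, 7100], "NEW"),
    ("psa-mmb", "OUTPUT", "tcp", [5000], "NEW"),
    ("psa-mmb reply", "INPUT", "tcp", [40000], "ESTABLISHED"),
]

def parse(text):  # `iptables -S` text -> (chain policies, ordered rule list)
    policies, rules = {}, []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":  # options are "flag value" pairs in these rules
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def verdict(policies, rules, iface, chain, proto, dport, state):
    """First matching terminal rule wins, else chain policy (-s/-d/--sport ignored)."""
    for rchain, o in rules:
        states = (o.get("--state") or o.get("--ctstate") or state).split(",")
        lo, _, hi = o.get("--dport", str(dport)).partition(":")  # "161", "7000:7100"
        if (rchain == chain and o.get("-j") in ("ACCEPT", "DROP", "REJECT")
                and o.get("-i", iface) == iface and o.get("-o", iface) == iface
                and o.get("-p", proto) in (proto, "all")
                and int(lo) <= dport <= int(hi or lo)
                and any(state.startswith(s) for s in states)):  # prefixes allowed
            return o["-j"]
    return policies.get(chain, "ACCEPT")

def audit(text, iface):  # flow name -> True when every probed port is accepted
    policies, rules = parse(text)
    return {n: all(verdict(policies, rules, iface, c, pr, p, s) == "ACCEPT" for p in ps)
            for n, c, pr, ps, s in FLOWS}

# Constructed ruleset: DROP policies plus the two state rules from the example.
STATEFUL = """\
-P INPUT DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
"""
RESULT = audit(STATEFUL, "eth1")  # snmp is False, every other flow is True
```

With the state rules alone, the outbound flows and the port 5000 reply pass, while inbound snmp on the management interface still needs its own rule.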
C122-E001-10EN
