Monday, May 25, 2015

GlusterFS + IPtables

1. What ports does Gluster need?
Preferably, your storage environment should be located on a safe segment of your network where a firewall is not necessary. In the real world, that simply isn't possible for all environments. If you are willing to accept the potential performance loss of running a firewall, you need to know that Gluster makes use of the following ports:
- 24007 TCP for the Gluster Daemon
- 24008 TCP for Infiniband management (optional unless you are using IB)
- One TCP port for each brick in a volume. For example, if you have 4 bricks in a volume, ports 24009-24012 would be used in GlusterFS 3.3 and below, and 49152-49155 in GlusterFS 3.4 and later.
- 38465, 38466 and 38467 TCP for the inline Gluster NFS server.
- Additionally, port 111 TCP and UDP (since always) and port 2049 TCP-only (from GlusterFS 3.4 and later) are used by the port mapper and should be open.
Note: by default Gluster/NFS does not provide services over UDP, it is TCP only. You would need to enable the nfs.mount-udp option if you want to add UDP support for the MOUNT protocol. That's completely optional and is up to your judgement to use.

Summary:
- 24007 TCP: the gluster daemon
- 24008 TCP: Infiniband management
- 111 TCP: the port mapper (RPC)
- 38465:38467 TCP: direct connection to the GlusterFS server IP (representing the volume mount)
Open for each brick IP:
- 24009:24009+n TCP, where n is the number of bricks in the volume (GlusterFS older than 3.4)
- 38465:38465+n TCP, where n is the number of bricks in the volume (GlusterFS 3.4 and later)


# Gluster client IP: 232, 237
-A RH-Firewall-1-OUTPUT -m state --state NEW -m tcp -p tcp --dport 24007:24008 -d 10.58.49.232/32 -j ACCEPT -m comment --comment "mount nfs client"
-A RH-Firewall-1-OUTPUT -m state --state NEW -m tcp -p tcp --dport 111 -d 10.58.49.232/32 -j ACCEPT -m comment --comment "mount nfs client"
-A RH-Firewall-1-OUTPUT -m state --state NEW -m udp -p udp --dport 111 -d 10.58.49.232/32 -j ACCEPT -m comment --comment "mount nfs client"
-A RH-Firewall-1-OUTPUT -m state --state NEW -m tcp -p tcp --dport 49152:49154 -d 10.58.49.232/32 -j ACCEPT -m comment --comment "mount nfs brick1 client"
-A RH-Firewall-1-OUTPUT -m state --state NEW -m tcp -p tcp --dport 49152:49154 -d 10.58.49.237/32 -j ACCEPT -m comment --comment "mount nfs brick2 client"
-A RH-Firewall-1-OUTPUT -m state --state NEW -m tcp -p tcp --dport 38465:38467 -d 10.58.49.232/32 -j ACCEPT -m comment --comment "mount nfs client"
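As an added example (not part of the original post), the following POSIX shell script turns the port list above into firewall rules: it computes the per-brick port range for a given GlusterFS version and brick count, and prints server-side INPUT rules for one trusted client subnet, complementing the client-side OUTPUT rules shown above. The INPUT chain, the function names and the 10.0.0.0/24 subnet are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post: derive the TCP port ranges a
# GlusterFS server listens on from the Gluster version and the brick count,
# and print (never apply) iptables-save style INPUT rules that allow one
# trusted client subnet to reach them. The INPUT chain and the example
# subnet 10.0.0.0/24 are assumptions, not values taken from the post.

# gluster_brick_ports VERSION NBRICKS
# Prints the per-brick port range as "first:last". GlusterFS 3.3 and below
# allocate brick ports from 24009; 3.4 and later allocate them from 49152.
# Bricks are assumed to get consecutive ports from the base, as in the
# "24009+n" formula above.
gluster_brick_ports() {
    version="$1"
    nbricks="$2"
    major="${version%%.*}"
    rest="${version#*.}"          # "4.2" for "3.4.2", "4" for "3.4"
    minor="${rest%%.*}"
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 4 ]; }; then
        first=49152
    else
        first=24009
    fi
    last=$((first + nbricks - 1))
    printf '%s:%s\n' "$first" "$last"
}

# gluster_iptables_rules VERSION NBRICKS CLIENT_CIDR
# Prints one rule per service. Only NEW connections are matched, so the
# firewall must already accept ESTABLISHED,RELATED traffic for these to work.
gluster_iptables_rules() {
    version="$1"
    nbricks="$2"
    client="$3"
    bricks=$(gluster_brick_ports "$version" "$nbricks")
    rule() {  # rule PROTO DPORT COMMENT
        printf '%s -s %s -p %s -m %s --dport %s -m state --state NEW -m comment --comment "%s" -j ACCEPT\n' \
            "-A INPUT" "$client" "$1" "$1" "$2" "$3"
    }
    rule tcp 24007:24008 "glusterd and IB management"
    rule tcp 111 "portmapper"
    rule udp 111 "portmapper"
    rule tcp "$bricks" "one port per brick"
    rule tcp 38465:38467 "gluster nfs"
    # port 2049 TCP is only needed from GlusterFS 3.4 onwards
    case "$bricks" in
        49152:*) rule tcp 2049 "nfs" ;;
    esac
}

# Usage: print rules for a 4-brick volume on GlusterFS 3.4 (subnet is assumed)
gluster_iptables_rules 3.4 4 10.0.0.0/24
```

The script only prints rules; review the output and load it with iptables-restore (or add each line with iptables) once the ranges match what `gluster volume status` reports on the server. Like the OUTPUT rules above, these match `--state NEW` only and rely on an existing ESTABLISHED,RELATED accept rule; restricting the source to the client subnet keeps the brick and NFS ports from being reachable from the rest of the network.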
