Default ports and security settings

IBM® Spectrum Cluster Foundation Community Edition has default security settings. From a network security standpoint, management and compute nodes are not secure. Evaluate the security risks at your site and create appropriate firewall rules to secure the cluster.

The management node is configured with network address translation (NAT), allowing compute nodes access to the public network. Except for the management node, nodes on the public network cannot contact nodes on the private provisioning network. Compute nodes on the private provisioning network can access nodes on the public network.

By default, if the firewall is enabled during IBM Spectrum Cluster Foundation Community Edition management node installation, the following ports are open on the management node:
  • 22 (SSH)
  • 53 (DNS)
  • 80 (HTTP)
  • 443 (Apache HTTPS)
  • 873 (rsync)
  • 3001/3002 (xCATd)
  • 8080 (web server)
  • 5432 (PostgreSQL)
  • 61616 (ActiveMQ)
  • 1099 (PCMd)
  • 10099 (Rule-Engine)
  • 8443 (HTTPS)

The management node server must accept connection requests for the following listening ports used by the monitor agent: 17869, 17870, 17871, 7869, 6878, 6881, and 6882.
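To support the site evaluation recommended above, the following Python script is an added example (not IBM code) that compares the TCP listeners reported by `ss -tlnH` with the two port lists on this page. The `ss` sample, including ports 9200 and 6010, is constructed, and the function and variable names are hypothetical.

```python
# Added example: audit TCP listeners against the ports this page documents.
# Ports the page lists as open by default on the management node.
DEFAULT_OPEN = {22: "SSH", 53: "DNS", 80: "HTTP", 443: "Apache HTTPS",
                873: "rsync", 3001: "xCATd", 3002: "xCATd",
                8080: "web server", 5432: "PostgreSQL", 61616: "ActiveMQ",
                1099: "PCMd", 10099: "Rule-Engine", 8443: "HTTPS"}
# Listening ports the page lists for the monitor agent.
MONITOR_AGENT = dict.fromkeys(
    (17869, 17870, 17871, 7869, 6878, 6881, 6882), "monitor agent")
BASELINE = {**DEFAULT_OPEN, **MONITOR_AGENT}

# Constructed sample of `ss -tlnH` output (not captured from a real node).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:8443 [::]:*
LISTEN 0 50 *:61616 *:*
LISTEN 0 128 0.0.0.0:7869 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 128 [::1]:6010 [::]:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as [::1] intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)


def audit(ss_output):
    """Classify listeners against the documented baseline."""
    known, seen, exposed = set(BASELINE), set(), set()
    for addr, port in parse_listeners(ss_output):
        seen.add(port)
        if addr != "::1" and not addr.startswith("127."):
            exposed.add(port)  # reachable from a non-loopback interface
    return {
        "documented_exposed": {p: BASELINE[p] for p in sorted(exposed & known)},
        "undocumented_exposed": sorted(exposed - known),  # review these first
        "loopback_only": sorted(seen - exposed),
        "no_listener": sorted(known - seen),  # documented, nothing bound
    }
```

On a management node, pass the real output of `ss -tlnH` to `audit()` in place of `SAMPLE_SS`; entries under `undocumented_exposed` and `no_listener` are the ones to reconcile with the firewall rules.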