Opening custom ports
If you experience database connection issues, you might need to ensure that the local firewall on each node is allowing requests to reach the node IP address and also check other firewall settings.
Following are the steps to open the ports.
For the list of ports that are allowed by default, see The list of protocols and their default ports.
If you are on versions 1.0.7.3 or lower:
- Generate the XML file to open ports. Consult your system administrator or vendor documentation for the list of ports, and contact IBM Support to ensure the ports do not conflict with any existing rules.
  Example XML to open TCP port 51022 for a service:
      <!--my random service-->
      <port protocol="tcp" port="51022"/>
- Append the generated firewall XML to /etc/firewalld/customer_override.xml on all three control nodes.
- Open the port immediately on all three control nodes:
      firewall-cmd --add-port=51022/tcp --zone=appliance
      firewall-cmd --runtime-to-permanent
If you are on versions 1.0.7.4 or later:
- Generate the XML file to open ports. Consult your system administrator or vendor documentation for the list of ports, and contact IBM Support to ensure the ports do not conflict with any existing rules.
  Example XML to open TCP port 51022 for a service:
      <!--my random service-->
      <port protocol="tcp" port="51022"/>
- Place the XML on e1n1 in a persistent location, for example: /root/my_random_service.xml
- Run the command on e1n1 to add rules across all three control nodes:
      /opt/ibm/appliance/platform/xcat/scripts/xcat/firewall_rule_updater.py -a -f /root/my_random_service.xml -n 'node1,node2,node3'
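
A pre-flight check for the XML fragment from the first step of either procedure, as an added example that is not IBM's code: it rejects malformed or out-of-range `<port>` entries and flags wide ranges and overlaps before the fragment reaches the firewall. The function names, the `MAX_RANGE` threshold, the tcp/udp-only restriction, and the assumption that existing rules use the same `<port>` fragment format are this example's own; it does not replace the conflict check with IBM Support.

```python
import re
import xml.etree.ElementTree as ET

MAX_RANGE = 16  # constructed threshold for "suspiciously wide" ranges

def parse_ports(fragment):
    """Return [(protocol, first, last)] for each <port/> element in a fragment."""
    # The fragment has no root element, so wrap it; XML comments are dropped.
    root = ET.fromstring("<fragment>" + fragment + "</fragment>")
    rules = []
    for el in root:
        proto, port = el.get("protocol", ""), el.get("port", "")
        m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", port)
        if el.tag != "port" or proto not in ("tcp", "udp") or not m:
            raise ValueError("unsupported rule: <%s protocol=%r port=%r>"
                             % (el.tag, proto, port))
        first = int(m.group(1))
        last = int(m.group(2) or first)
        if not 1 <= first <= last <= 65535:
            raise ValueError("port out of range: %r" % port)
        rules.append((proto, first, last))
    return rules

def lint(fragment, existing=""):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        new = parse_ports(fragment)
    except (ET.ParseError, ValueError) as exc:
        return ["invalid fragment: %s" % exc]
    seen = parse_ports(existing) if existing.strip() else []
    findings = []
    for proto, first, last in new:
        span = str(first) if first == last else "%d-%d" % (first, last)
        if last - first + 1 > MAX_RANGE:
            findings.append("%s/%s opens %d ports" % (span, proto, last - first + 1))
        if any(p == proto and first <= l and f <= last for p, f, l in seen):
            findings.append("%s/%s overlaps an existing rule" % (span, proto))
        seen.append((proto, first, last))
    return findings

# The page's example fragment, reused as sample input.
SAMPLE = '<!--my random service--> <port protocol="tcp" port="51022"/>'

if __name__ == "__main__":
    print(lint(SAMPLE) or "no findings")
```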