[Lustre-discuss] mounting lustre client behind firewall

Brian J. Murrell Brian.Murrell at Sun.COM
Tue Oct 13 09:03:13 PDT 2009


On Tue, 2009-10-13 at 11:53 -0400, Yujun Wu wrote:
> Hello Aaron,
> 
> Thanks for your info. Does this mean the client side have to open
> both inbound and outbound port on 988 all the way between servers
> and clients?

No.  As Aaron said, the connection would be initiated from a source port
< 1024 (by default).  If you have a stateful/connecection-tracking
firewall, then just opening port 988 from clients to servers should be
enough.  If your firewall is not stateless/connection-tracking, then you
would need a rule for all servers with source port 988 and destination
ports < 1024 to all clients.

b.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20091013/7878199b/attachment.pgp>


More information about the lustre-discuss mailing list