Hi Robert,
thanks for your fast reply. I probably misunderstand something, I thought the client binds
to a port itself. I guess, the info you refer to is this:
https://docs.ceph.com/en/latest/rados/configuration/network-config-ref/?hig…
. I read this as the iptables config on the storage servers and am wondering what the
config on a client server should be. Which ports are the clients using - if any?
Thanks!
=================
Frank Schilder
AIT Risø Campus
Bygning 109, rum S14
________________________________________
From: Robert Sander <r.sander(a)heinlein-support.de>
Sent: 10 February 2021 15:28:40
To: ceph-users(a)ceph.io
Subject: [ceph-users] Re: firewall config for ceph fs client
Hi,
Am 10.02.21 um 15:15 schrieb Frank Schilder:
we plan to add a kernel client mount to a server in
our DMZ. I can't find information on how to allow a ceph client to access a ceph
cluster through a firewall.
A CephFS client will always talk to all MONs, MDSs and OSDs in the cluster.
You need ports 3300 and 6789 for the MONs on their IPs and any dynamic
port starting at 6800 used by the OSDs. The MDS also uses a port above 6800.
Regards
--
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
http://www.heinlein-support.de
Tel: 030 / 405051-43
Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin