-
1. Firewall setup for Mod_Cluster
jfclere Mar 2, 2011 2:33 AM (in response to heriyanto)Usually you allow the web server to connect to port 8009 on the node(s) that is enough.
-
2. Firewall setup for Mod_Cluster
heriyanto Mar 2, 2011 3:00 AM (in response to jfclere)hai Jean, thanks for the answer
my mod_cluster located at DMZ, so when the web server try to check the node using cping/cpong the web server will send a request using random port to 8009 (CPING) and my jboss node will answer the request to that port ( the random port ) on web server (CPONG), i only open 8009,80 port not open lots of port for web server at the firewall, i try sniff the packet using wireshark, in your case,are you allowed your jboss node to access all port at your web server? couse if i do that then i should open more than 30000 ports, the webserver always using higher random ports.
CMIIW
note: sory for my bad english
-
3. Firewall setup for Mod_Cluster
jfclere Mar 2, 2011 3:59 AM (in response to heriyanto)1 of 1 people found this helpfulYou must be doing something wrong with the firewall configuration usually you have to open 8009 from httpd to jboss nodes and allow the MCP messages from the nodes to httpd. It is tcp connections.
-
4. Firewall setup for Mod_Cluster
heriyanto Mar 2, 2011 10:50 PM (in response to heriyanto)Hai Jean, you absolutely right. After your reply we cek to our DMZ firewall, and we're found some mistake rules in there. Thank you very much Jean you very helpful. Problem solved.
what we do is, open the 8009 port at jboss nodes, then accept source port 8009 at web server, so the jboss nodes can communicate.
Regard,
Heriyanto