Firewall Ports Cluster Configuration

tempes

Sep 27, 2013
Hello Community,

I would like to know which ports have to be open to get a fully functional cluster (2 nodes).

Port 8006 (webinterface)
Port 5900-59xx (Console Sessions)
Port 22 (for SSH)

Which ports and protocols are missing in my list?

- When I close all ports via iptables script ... except the ones above, I'll get no "quorum" notification when I try to change, for example, the storage configuration in my cluster or try to create a new VM.
- I also recognized that when I log on to my prox1, I can't see any running VM on prox2 (the computer screen icons are black, not white)...

Any help, any idea?
 
If you run a cluster you also need CMAN multicast UDP ports 5404 and 5405.

I just updated: http://pve.proxmox.com/wiki/Ports

Thanks a lot,

I tried... but now I have the problem that when I try to change or save a new backup configuration, for example at node 1, I get the following error(s):

unable to open file:/etc/pve/vzdump.cron.tmp.62581 - Premission denied (500)

What I did: I allowed the complete traffic TCP+UDP between the nodes
for the "wan-ip" and the "lan-ips".

Should I restart a service after setting iptables?
What could cause this problem?

First I allowed the specific ports, but then it didn't work, and now the complete traffic is allowed but I run into this error...

Any help, any idea?
 
Should I restart a service after setting iptables?
What could cause this problem?

You only need to restart things if you block important traffic (like the ports listed on the wiki).

# service pve-cluster restart
# service pvedaemon restart
# service pveproxy restart
# service pvestatd restart
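
An added example, not part of the thread and not Proxmox's own tooling: a POSIX shell generator for an `iptables-restore` rule set that admits the TCP ports from the question and the CMAN UDP ports 5404 and 5405 from the reply, scoped to the peer nodes instead of allowing all traffic. The addresses are constructed placeholders, `5900-59xx` is read as 5900-5999, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: function names and addresses are illustrative (RFC 5737 ranges).
# TCP 22, 8006, 5900-5999 come from the question; UDP 5404/5405 from the reply.
TCP_PORTS='22,8006,5900:5999'   # assumption: "5900-59xx" read as 5900-5999

# cluster_rules ADMIN_NET PEER... -> iptables-restore rule set on stdout
cluster_rules() {
    [ "$#" -ge 2 ] || { echo 'usage: cluster_rules ADMIN_NET PEER...' >&2; return 1; }
    for addr in "$@"; do
        # Refuse anything that is not digits, dots or a prefix length.
        case $addr in
            ''|*[!0-9./]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    admin_net=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD ACCEPT [0:0]'   # guest traffic is left untouched here
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for peer in "$@"; do
        # Cluster membership traffic is UDP sent to a multicast group, so
        # match on the peer's source address rather than on the destination.
        echo "-A INPUT -s $peer -p udp -m multiport --dports 5404,5405 -j ACCEPT"
        echo "-A INPUT -s $peer -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT"
    done
    echo "-A INPUT -s $admin_net -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT"
    echo 'COMMIT'
}

# has_corosync_rule PEER < rules -> 0 if the UDP rule for PEER is present
has_corosync_rule() {
    grep -Fq -- "-A INPUT -s $1 -p udp -m multiport --dports 5404,5405 -j ACCEPT"
}

# Demo with constructed addresses; validate on a node with
#   cluster_rules ... | iptables-restore --test
cluster_rules 198.51.100.0/24 192.0.2.11 192.0.2.12
```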
 
When setting up a Proxmox cluster, you need to ensure that certain ports are open to allow for proper communication between the nodes. In addition to the standard ports 22 (SSH) and 8006 (Proxmox web interface), you should open the following ports:

  1. 8007-8009: For Proxmox VE cluster traffic.
  2. 5900-5999: For SPICE console connections.
  3. 3128: For Proxmox VE HA (High Availability) manager.
  4. 5404-5405: For corosync (cluster communication).
  5. 60000-60050: For Proxmox VE backup and migration traffic.

Here's a summary of the ports to open:

  • 22: SSH
  • 8006: Proxmox web interface
  • 8007-8009: Proxmox VE cluster traffic
  • 5900-5999: SPICE console connections
  • 3128: Proxmox VE HA manager
  • 5404-5405: Corosync cluster communication
  • 60000-60050: Proxmox VE backup and migration traffic

By ensuring these ports are open, you should be able to set up and manage your Proxmox cluster without any issues. Make sure to configure your firewall rules accordingly to allow traffic through these ports.
 
