Here's what I used a while ago in the form of an iptables file, cleansed slightly. As far as I recall I think this was before I customized any of the ports. Sorry for the poor comments, I was pretty tired of the whole process towards the end and became less and less verbose.

# Allow outbound proxy traffic
-A custom-rules -p tcp -m tcp --dport 12345 -j ACCEPT
# Allow remote SSH
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 22 -j ACCEPT
# Allow SSH for file transfer
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
# Allow intra-cluster SSH
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 22 -j ACCEPT
# Allow Ambari server access
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8080 -j ACCEPT
# Allow Ambari access from subnet
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 8080 -j ACCEPT
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 8440 -j ACCEPT
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 8441 -j ACCEPT
# Allow Ambari Agent traffic
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8670 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8441 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8440 -j ACCEPT
# Various cluster management
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8020 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 6188 -j ACCEPT
# Tons of internal communication
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50070 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50470 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 9000 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50075 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50475 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50010 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50020 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50090 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50030 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8021 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50060 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 51111 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 10000 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 9083 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 60000 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 60010 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 60020 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 60030 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 2888 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 3888 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 2181 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 50111 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8660 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 61 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 62 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 63 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8651 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 3306 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8025 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 16000 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 6667 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 8010 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 16020 -j ACCEPT
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 60414 -j ACCEPT
# Access to the web UIs
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 80 -j ACCEPT
-A custom-rules -s x.x.x.x/x -p tcp -m tcp --dport 8088 -j ACCEPT
# Allow Kafka traffic
-A custom-rules -s x.x.x.x -p tcp -m tcp --dport 9092 -j ACCEPT

Jon

On Tue, May 30, 2017 at 10:09 AM Ali Nazemian <[email protected]> wrote:

> I have provided the complete list regarding generic HDP/HDF ports, but I
> couldn't find the Metron specific ones...
>
> On Tue, May 30, 2017 at 11:17 PM, Otto Fowler <[email protected]>
> wrote:
>
>> It is a shame there isn’t a reporting tool for ambari, that can query all
>> the configurations in the database and report out ports and hosts…….
>>
>>
>> On May 30, 2017 at 08:34:42, Alex McLintock ([email protected]) wrote:
>>
>> I have attempted to do this for just HDP and it is rather difficult. One
>> of the main problems is that any documentation will point you towards
>> default ports for Hadoop - which are not always the ports chosen by
>> Hortonworks for HDP. You probably need to look mostly at the ports
>> specified in your config files.
>>
>> I would suggest that you treat all HDP nodes as able to talk to each
>> other across all ports - but limit anything which talks to those nodes.
>> That is a lot easier.
>>
>>
>> On 30 May 2017 at 10:49, Ali Nazemian <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> For deploying Metron in production, we need to specify all of the port
>>> and protocols connectivities. I was wondering how Metron components
>>> connected to each other. Is there any document available regarding the
>>> ports and connectivities of Metron components?
>>>
>>> Regards,
>>> Ali
>>>
>>
>>
>> --
>> Want the best UK suppliers? Visit http://SocialConsumer.co.uk/ Draw to
>> win £50
>>
>
>
> --
> A.Nazemian
>
--
Jon
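
A rule file of this shape can be checked mechanically before it is loaded. The following is an added example, not part of the thread or of Metron: it parses `-A custom-rules` ACCEPT rules, reports ports reachable from any source (rules with no `-s`, like the proxy rule above), duplicated rules, and the sources allowed per port. The sample rules and their addresses are constructed.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample in the same shape as the rules above; the addresses are
# documentation ranges (RFC 5737), not values from the thread.
SAMPLE_RULES = """\
# Allow outbound proxy traffic
-A custom-rules -p tcp -m tcp --dport 12345 -j ACCEPT
# Allow remote SSH
-A custom-rules -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
# Allow intra-cluster SSH
-A custom-rules -s 192.0.2.11 -p tcp -m tcp --dport 22 -j ACCEPT
-A custom-rules -s 192.0.2.11 -p tcp -m tcp --dport 22 -j ACCEPT
# Allow Kafka traffic
-A custom-rules -s 192.0.2.12 -p tcp -m tcp --dport 9092 -j ACCEPT
"""

def parse_rules(text, chain="custom-rules"):
    """Yield (source_network, port) for each ACCEPT rule appended to `chain`."""
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '# ...' comment lines
        if tokens[:2] != ["-A", chain]:
            continue
        # Every option in this rule shape takes exactly one argument; '!'
        # negation and port ranges are outside this example's scope.
        opts = dict(zip(tokens[2::2], tokens[3::2]))
        if opts.get("-j") != "ACCEPT" or "--dport" not in opts:
            continue
        # A rule with no -s matches any source address.
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        yield src, int(opts["--dport"])

def audit(text):
    """Return ports open to any source, duplicated rules, and sources per port."""
    seen, dupes, by_port = set(), [], defaultdict(set)
    for src, port in parse_rules(text):
        if (src, port) in seen:
            dupes.append((str(src), port))
        seen.add((src, port))
        by_port[port].add(src)
    open_ports = sorted(p for p, nets in by_port.items()
                        if any(n.prefixlen == 0 for n in nets))
    return {"open_to_any": open_ports, "duplicates": dupes,
            "sources": {p: sorted(map(str, n)) for p, n in by_port.items()}}

if __name__ == "__main__":
    report = audit(SAMPLE_RULES)
    print("ports open to any source:", report["open_to_any"])
    print("duplicate rules:", report["duplicates"])
```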
