[rabbitmq-discuss] Firewall Issues

Tony Garnock-Jones tonyg at lshift.net
Tue May 11 10:16:24 BST 2010


Hi Kenneth,

If you're just speaking AMQP between (P1 and MQ) and (P2 and MQ), port 5672
should be all you need open. I'm curious though, which *direction* are
connections running between the hosts? Does P1 only ever connect to MQ, or does
MQ sometimes connect to P1? How are you relaying messages -- using shovel, or
something else?

Tony


Kenneth Loafman wrote:
> Will test it tonight and let you know.
> 
> ...Thanks,
> ...Ken
> 
> Matt Calder wrote:
>> By default erlang uses 4369.
>>
>> Matt
>>
>> On Mon, May 10, 2010 at 10:29 AM, Kenneth Loafman <kenneth at loafman.com> wrote:
>>> What erlang ports?  Just 5672:tcp.
>>>
>>> ...Ken
>>>
>>> Matt Calder wrote:
>>>> Ken,
>>>>
>>>> Are the erlang ports open?
>>>>
>>>> Matt
>>>>
>>>> On Mon, May 10, 2010 at 10:21 AM, Kenneth Loafman <kenneth at loafman.com> wrote:
>>>>> Nope, just a single node service at this point.  P1 and P2 do not even
>>>>> have RabbitMQ installed, they are just MQ clients.  I should have noted
>>>>> that in my original message.
>>>>>
>>>>> The process has worked well for months prior to adding the firewall.
>>>>>
>>>>> ...Ken
>>>>>
>>>>> Matt Calder wrote:
>>>>>> Ken,
>>>>>>
>>>>>> It looks like you are setting up a cluster, if so, are they sharing
>>>>>> the same cookie?
>>>>>>
>>>>>> I just went through starting a cluster here is my step-by-step:
>>>>>>
>>>>>> 1) Start a cluster of rabbits.
>>>>>> Assume cluster is on: hostA, hostB (for example)
>>>>>>
>>>>>> # The rabbitmq processes must be running with the same cookie
>>>>>> hostA> sudo rabbitmqctl stop
>>>>>> hostA> sudo /etc/init.d/rabbitmq-server stop
>>>>>> hostA> sudo rm ~rabbitmq/.erlang.cookie
>>>>>> hostA> sudo echo ABC123 | sudo tee ~rabbitmq/.erlang.cookie
>>>>>> hostA> sudo chmod 400 ~rabbitmq/.erlang.cookie
>>>>>> hostA> sudo chown rabbitmq ~rabbitmq/.erlang.cookie
>>>>>> hostA> sudo chgrp rabbitmq ~rabbitmq/.erlang.cookie
>>>>>> hostA> sudo /etc/init.d/rabbitmq-server start
>>>>>>
>>>>>> repeat for hostB
>>>>>>
>>>>>> # On join hostB to hostA
>>>>>> hostB> sudo rabbitmqctl stop_app
>>>>>> hostB> sudo rabbitmqctl reset
>>>>>> hostB> sudo rabbitmqctl cluster rabbit at hostA
>>>>>>
>>>>>> Hope that helps.
>>>>>>
>>>>>> Matt
>>>>>>
>>>>>>
>>>>>> On Mon, May 10, 2010 at 10:05 AM, Kenneth Loafman <kenneth at loafman.com> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I've got RabbitMQ up on three machines and wanted to add a firewall.
>>>>>>> The configuration is simple, MQ serves input to P1 and P2 which do all
>>>>>>> the processing.
>>>>>>>
>>>>>>>       MQ
>>>>>>>      /  \
>>>>>>>    P1    P2
>>>>>>>
>>>>>>> I opened the port 5672:tcp on all machines and between two machines, MQ
>>>>>>> and P1, that seems to work.  When I added P2, it immediately got a
>>>>>>> 'connection refused' message.  All machines are running Ubuntu 9.10 and
>>>>>>> rabbitmq-server 1.7.2.  P1 and P2 are identical as far as I can tell.
>>>>>>>
>>>>>>> Any help would be appreciated.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> ...Ken
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> rabbitmq-discuss mailing list
>>>>>>> rabbitmq-discuss at lists.rabbitmq.com
>>>>>>> http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>>>>>>>
>>>>> _______________________________________________
>>>>> rabbitmq-discuss mailing list
>>>>> rabbitmq-discuss at lists.rabbitmq.com
>>>>> http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>>>>>
>>> _______________________________________________
>>> rabbitmq-discuss mailing list
>>> rabbitmq-discuss at lists.rabbitmq.com
>>> http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss
>>>
> 
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
> http://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss



More information about the rabbitmq-discuss mailing list