So what is the considerations on having 5 over 10 or 1? Is there a reasonable criteria that can be used to determine what an appropriate number of ports that should be allocated?<br><br><div class="gmail_quote">On Fri, Mar 16, 2012 at 12:56 PM, Emile Joubert <span dir="ltr"><<a href="mailto:emile@rabbitmq.com">emile@rabbitmq.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hi John,<br>
<br>
I assume that you established the reason for the clustering problems<br>
encountered earlier was due to firewall configuration.<br>
<br>
On 16/03/12 17:25, John Stoner wrote:<br>
> We're looking to open fewer ports, not more./ /Is there a minimum we<br>
<div class="im">> could do? Would one work, or would it break something else?<br>
<br>
</div>One port is possible (then inet_dist_listen_min = inet_dist_listen_max),<br>
but a small number like 5 is more common. Avoid the ephemeral port range<br>
when you make your selection.<br>
<div class="im"><br>
> Also, we have these ports open to all TCP. In the spirit of securing<br>
> our systems, I guess we could open 4369 only to the IPs of the other<br>
> machines in the cluster. Is that a good idea? Can you think of more<br>
> firewall restrictions to add?<br>
<br>
</div>As discussed previously and above, you need to open at least one port in<br>
addition to the one used by the port mapper daemon. You are free to add<br>
further firewall restrictions, as long as all clusternodes are<br>
accessible from all other clusternodes on the relevant ports, as<br>
discussed here:<br>
<br>
<a href="http://www.rabbitmq.com/clustering.html#firewall" target="_blank">http://www.rabbitmq.com/clustering.html#firewall</a><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
-Emile<br>
<br>
</font></span></blockquote></div><br>