From 337a2d42384936e90900c938e9af9591131c435c Mon Sep 17 00:00:00 2001 From: Marco Gabriel via pve-devel Date: Fri, 6 May 2022 09:52:39 +0200 Subject: [PATCH] fix #4319: use corred port range for corosync v3.x corosync v2 used ports 5405 and 5404, but corosync v3 uses ports 5405-5412. Signed-off-by: Marco Gabriel --- pve-firewall.adoc | 6 +++--- pvecm.adoc | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pve-firewall.adoc b/pve-firewall.adoc index b759b91..55c8804 100644 --- a/pve-firewall.adoc +++ b/pve-firewall.adoc @@ -426,7 +426,7 @@ following traffic is still allowed for all {pve} hosts in the cluster: * TCP traffic from management hosts to port 3128 for connections to the SPICE proxy * TCP traffic from management hosts to port 22 to allow ssh access -* UDP traffic in the cluster network to port 5404 and 5405 for corosync +* UDP traffic in the cluster network to ports 5405-5412 for corosync * UDP multicast traffic in the cluster network * ICMP traffic type 3 (Destination Unreachable), 4 (congestion control) or 11 (Time Exceeded) @@ -435,7 +435,7 @@ The following traffic is dropped, but not logged even with logging enabled: * TCP connections with invalid connection state * Broadcast, multicast and anycast traffic not related to corosync, i.e., not - coming through port 5404 or 5405 + coming through ports 5405-5412 * TCP traffic to port 43 * UDP traffic to ports 135 and 445 * UDP traffic to the port range 137 to 139 @@ -634,7 +634,7 @@ Ports used by {pve} * sshd (used for cluster actions): 22 (TCP) * rpcbind: 111 (UDP) * sendmail: 25 (TCP, outgoing) -* corosync cluster traffic: 5404, 5405 UDP +* corosync cluster traffic: 5405-5412 UDP * live migration (VM memory and local-disk data): 60000-60050 (TCP) ifdef::manvolnum[] diff --git a/pvecm.adoc b/pvecm.adoc index ab1fbe7..4bf2d53 100644 --- a/pvecm.adoc +++ b/pvecm.adoc @@ -58,7 +58,7 @@ Grouping nodes into a cluster has the following advantages: Requirements ------------ -* All nodes must be able to connect to each other via UDP ports 5404 and 5405 +* All nodes must be able to connect to each other via UDP ports 5405-5412 for corosync to work. * Date and time must be synchronized.