MariaDB Galera firewall configuration

Updated at 2014-10-06 12:20:47 by ospi

Shorewall configuration for galera with default port configuration, nodes reside in IP range of 10.1.1.20 - 10.1.1.24

# Galera cluster connections in
MySQL(ACCEPT)   net:10.1.1.20/30 $FW                           # MySQL
ACCEPT          net:10.1.1.20/30 $FW              tcp     4567 # Galera cluster
ACCEPT          net:10.1.1.20/30 $FW              tcp     4568 # Galera IST
ACCEPT          net:10.1.1.20/30 $FW              tcp     4444 # Galera SST

# Galera cluster connections out
MySQL(ACCEPT)   $FW              net:10.1.1.20/30              # MySQL
ACCEPT          $FW              net:10.1.1.20/30 tcp     4567 # Galera cluster
ACCEPT          $FW              net:10.1.1.20/30 tcp     4568 # Galera IST
ACCEPT          $FW              net:10.1.1.20/30 tcp     4444 # Galera SST

Changing galera cluster port to 6666 in /etc/my.cnf (default 4567). Note. This will also affect the IST port as it defaults to base_port + 1 (6667 in this case).

wsrep_cluster_address=gcomm://10.1.1.20:6666,10.1.1.21:6666 and so on...
wsrep_provider_options='base_port=6666;'

Changing galera SST port to 7777 in /etc/my.cnf (default 4444)

wsrep_sst_receive_address=10.1.1.10:7777

Changing galera IST port to 8888 in /etc/my.cnf (default 4568, galera base_port+1)

wsrep_provider_options='ist.recv_addr=10.1.1.10:8888;'

Leave a comment