This article describes the ports that needs to be opened in the firewall for Galera, MySQL Cluster, Replication, and HAProxy.
ClusterControl Server
The ClusterControl server should open:
- ICMP (ping)
- 22 (ssh)
- 80 (http)
- 443 (https)
- 3306
- 9500 (between webserver and cmon)
Galera Cluster (Percona XtraDB, MariaDB Galera)
Make sure all nodes can communicate with each other on the following ports. The below lists the default ports:
- ICMP (ping)
- 22 (ssh)
- 3306 (mysql)
- 4444 (rsync / SST)
- 4567 (galera)
- 4568 (galera IST)
- 9999 (Must be open on the controller, streaming port for Xtrabackup)
- 9200 (HAProxy healthcheck)
MySQL Cluster
Make sure all nodes can communicate with each other on the following ports. The below lists the default ports:
- ICMP (ping)
- 22 (ssh)
- 1186 (mysql cluster)
- 2202 (mysql cluster)
- 3306 (mysql)
- 9200 (HAProxy healthcheck)
MySQL Replication
Make sure all nodes can communicate with each other on the following ports. The below lists the default ports:
- ICMP (ping)
- 22 (ssh)
- 3306 (mysql)
- 9999 (Must be open on the controller, streaming port for Xtrabackup)
- 9200 (HAProxy healthcheck)
MongoDB
Make sure all nodes can communicate with each other on the following ports. The below lists the default ports:
- ICMP (ping)
- 22 (ssh)
- 27017 (The default port for mongod and mongos instances)
- 27018 (The default port when running with --shardsvr)
- 27019 (The default port when running with --configsvr)
- 28017 (The default port for the web status page, always accessible at a port number that is 1000greater than the port used for mongod/mongos)
PostgreSQL
Make sure all nodes can communicate with each other on the following ports. The below lists the default ports:
- ICMP (ping)
- 22 (ssh)
- 5432 (postgres)
MaxScale
- 22 (SSH)
- ICMP (echo reply/request)
- 6033 (MaxAdmin - CLI)
- 4006 (Round robin listener)
- 4008 (Read/Write split listener)
- 4442 (Debug information)
HAProxy
Make sure the HAProxy nodes open:
- 9200 (for xinetd)
- 3307 (The port that HAProxy listens on for incoming MySQL requests).
- 3306 (so that HAProxy can route requests to the loadbalanced MySQL servers.
Keepalived
- 22 (SSH)
- ICMP (echo reply/request)
- 224.0.0.0/8 (multicast request)
- IP protocol 112 (VRRP)
Galera Arbitrator (garbd)
- 22 (SSH)
- ICMP (echo reply/request)
- 4567 (Galera)
Comments
1 comment
But there are two problems with this. First, there could be ports opened by other processes between the two netstat runs. Second, MySQL might open other ports after I ran the netstat command the second time.
What is the best way to go about finding all ports being used by MySQL for clustering purposes?
Please sign in to leave a comment.