Summary

This article describes how to configure communication between BoKS hosts through a firewall.

The procedure assumes use of default ports for BoKS. If you use another set of ports, modify the following instructions for firewall configuration appropriately.

Procedure


  1. Port configuration: Unblock ports 6500 and 6501 to allow inbound UDP and TCP traffic. Unblock port 6503 to allow outbound UDP and TCP traffic. Ports 1024 to 65535 must be open in both directions for ongoing TCP sessions (i.e., ACK bit on) and for UDP. In addition, the assigned ports (default 6500-6503) must be opened for TCP connection setup from Server Agent addresses to Masters and Replicas, and from Master/Replica addresses to Server Agents.
  2. IP addresses: Most Server Agents on the "non-trusted" side of the firewall are seen with NAT as two IP addresses: the IP address that is seen on the non-trusted side, and the IP address that is seen inside the firewall (trusted). The trusted IP address must be the one that is in the BoKS Manager database.
  3. On BoKS Server Agents for Unix/Linux on the "non-trusted" side of the firewall, set the BRIDGE_ADDR_USE variable to the primary address that is in the BoKS database.

To enable this:

a. Log in to the host and su to root.
b. Change to the $BOKS_etc directory (by default /etc/opt/boksm/).
c. Open the ENV file for editing.
d. Look for a line that starts with BRIDGE_ADDR_USE. If it exists, simply change the associated IP address. If not, add the line:
   BRIDGE_ADDR_USE=<primary IP address>
e. Save the file, exit the editor and restart the BoKS Manager daemons.

  4. On the Master, Replicas and BoKS Server Agents for Unix/Linux, set the NO_IP_CHECK_ON_CALLS variable to on. Follow steps a to e under step 3, substituting this variable for BRIDGE_ADDR_USE and setting its value to on.
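
The ENV edits for BRIDGE_ADDR_USE and NO_IP_CHECK_ON_CALLS described above can be scripted so they are repeatable across hosts. The following is an added example, not vendor-supplied code: the function name `set_boks_env` is hypothetical, and it assumes the ENV file holds one KEY=VALUE pair per line with no spaces around the equals sign.

```shell
#!/bin/sh
# Added example (not vendor code): set KEY=VALUE in a BoKS ENV file.
# Assumes ENV holds one KEY=VALUE pair per line with no spaces around "=".
# Usage (as root), followed by a restart of the BoKS daemons:
#   set_boks_env "${BOKS_etc:-/etc/opt/boksm}/ENV" BRIDGE_ADDR_USE 192.0.2.10
#   set_boks_env "${BOKS_etc:-/etc/opt/boksm}/ENV" NO_IP_CHECK_ON_CALLS on
# (192.0.2.10 is a constructed documentation address.)
set_boks_env() {
    env_file=$1 key=$2 value=$3
    nl='
'
    [ -f "$env_file" ] || { echo "no such file: $env_file" >&2; return 1; }
    # Refuse keys or values that could inject extra lines into ENV.
    case $key in ''|*[!A-Za-z0-9_]*) echo "bad key: $key" >&2; return 1 ;; esac
    case $value in *"$nl"*) echo "value must be one line" >&2; return 1 ;; esac

    tmp=$(mktemp "${env_file}.XXXXXX") || return 1
    # Keep a copy of the previous settings for rollback.
    cp -p "$env_file" "${env_file}.bak" || { rm -f "$tmp"; return 1; }

    # Rewrite every line starting with KEY=; append the setting if none exists.
    # Values are passed through the environment so awk does not expand escapes.
    if K=$key V=$value awk '
        BEGIN { k = ENVIRON["K"]; v = ENVIRON["V"] }
        index($0, k "=") == 1 { print k "=" v; found = 1; next }
        { print }
        END { if (!found) print k "=" v }
    ' "$env_file" > "$tmp"; then
        # Write back in place so the file keeps its owner and mode.
        cat "$tmp" > "$env_file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Running the function twice with the same arguments leaves a single line for the variable, and the previous file contents remain in ENV.bak.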



Last Modified On: May 25, 2018