Vertica Documentation – Configure the network /en/setup/set-up-on-premises/before-you-install/configure-network/ Recent content in Configure the network on Vertica Documentation Hugo -- gohugo.io Setup: Ensure ports are available /en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/ Mon, 01 Jan 0001 00:00:00 +0000 /en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/ <p> The install_vertica script checks that required ports are open and available to Vertica. The installer reports any issues with identifier <code>N0020</code>.</p> <p>You can also verify that ports required by Vertica are not in use by running the following command as the root user and comparing it with the ports required, as shown below:</p> <pre tabindex="0"><code>$ netstat -atupn </code></pre><p>If you are using a Red Hat 7/CentOS 7 system, use the following command instead:</p> <pre tabindex="0"><code>$ ss -atupn </code></pre><h2 id="firewall-requirements">Firewall requirements</h2> <p>Vertica requires several ports to be open on the local network. Vertica does not recommend placing a firewall between nodes (all nodes should be behind a firewall), but if you must use a firewall between nodes, ensure the following ports are available:</p> <table class="table table-bordered" > <tr> <th > Port</th> <th > Protocol</th> <th > Service</th> <th > Notes</th></tr> <tr> <td > 22</td> <td > TCP</td> <td > sshd</td> <td > Required by <a class="glosslink" href="../../../../../en/glossary/admin-tools/" title="Vertica Administration Tools provides a graphical user interface for managing a Vertica database.">Administration tools</a> and the <a href="../../../../../en/mc/getting-started-with-mc/creating-cluster-using-mc/use-mc-cluster-installation-wizard/">Management Console Cluster Installation</a> wizard.</td></tr> <tr> <td > 5433</td> <td > TCP</td> <td > Vertica</td> <td > Vertica client (vsql, ODBC, JDBC, etc) port.</td></tr> <tr> <td > 5434</td> <td > TCP</td> <td > Vertica</td> <td > Intra- and inter-cluster communication. Vertica opens the Vertica client port +1 (5434 by default) for intra-cluster communication, such as during a plan. If the port +1 from the default client port is not available, then Vertica opens a random port for intra-cluster communication.</td></tr> <tr> <td > 5433</td> <td > UDP</td> <td > Vertica</td> <td > Vertica spread monitoring and MC cluster import.</td></tr> <tr> <td > 5444</td> <td > TCP</td> <td > Vertica<br />Management Console</td> <td > MC-to-node and node-to-node (agent) communications port. See <a href="../../../../../en/mc/configuring-mc/changing-mc-or-agent-ports/">Changing MC or agent ports</a>.</td></tr> <tr> <td > 5450</td> <td > TCP</td> <td > Vertica<br />Management Console</td> <td > Port used to connect to MC from a web browser and allows communication from nodes to the MC application/web server. See <a href="../../../../../en/mc/getting-started-with-mc/connecting-to-mc/">Connecting to Management Console</a>.</td></tr> <tr> <td > 4803</td> <td > TCP</td> <td > <a class="glosslink" href="../../../../../en/glossary/spread/" title="An open source toolkit used in Vertica to provide a high performance messaging service that is resilient to network faults.">Spread</a></td> <td > Client connections.</td></tr> <tr> <td > 8443</td> <td > TCP</td> <td > HTTPS</td> <td > Reserved.</td></tr> <tr> <td > 4803</td> <td > UDP</td> <td > Spread</td> <td > Daemon to daemon connections.</td></tr> <tr> <td > 4804</td> <td > UDP</td> <td > Spread</td> <td > Daemon to daemon connections.</td></tr> <tr> <td > 6543</td> <td > UDP</td> <td > Spread</td> <td > Monitor to daemon connection.</td></tr></table> Setup: Firewall considerations /en/setup/set-up-on-premises/before-you-install/configure-network/firewall-considerations/ Mon, 01 Jan 0001 00:00:00 +0000 /en/setup/set-up-on-premises/before-you-install/configure-network/firewall-considerations/ <p>Vertica requires multiple ports be open between nodes. You may use a firewall (IP Tables) on Redhat/CentOS and Ubuntu/Debian based systems. Note that firewall use is not supported on SuSE systems and that SuSE systems must disable the firewall. The installer reports issues found with your IP tables configuration with the identifiers <strong>N0010</strong> for (systems that use IP Tables) and <strong>N011</strong> (for SuSE systems).</p> <p>The installer checks the IP tables configuration and issues a warning if there are any configured rules or chains. The installer does not detect if the configuration may conflict with Vertica. It is your responsibility to verify that your firewall allows traffic for Vertica as described in <a href="../../../../../en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/">Ensure ports are available</a>. <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> The installer does not check NAT entries in iptables. </div></p> <p>You can modify your firewall to allow for Vertica network traffic, or you can disable the firewall if your network is secure. Note that firewalls are not supported for Vertica systems running on SuSE. <div class="admonition important" role="alert"> <h4 class="admonition-head">Important</h4> You may encounter the <strong>N0010</strong> issue even when the firewall is disabled. If this occurs, you can workaround this issue and install Vertica by ignoring installer WARN messages. To do this, install (or update) with a failure threshold of FAIL. For example, <code>/opt/vertica/sbin/install_vertica --failure-threshold FAIL &lt;other install options...&gt;</code>. </div></p> <h2 id="red-hat-6-and-centos-6-systems">Red hat 6 and CentOS 6 systems</h2> <p>For details on how to configure iptables and allow specific ports to be open, see the platform-specific documentation for your platform:</p> <ul> <li>RedHat: <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-IPTables.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-IPTables.html</a></li> <li>CentOS: <a href="http://wiki.centos.org/HowTos/Network/IPTables">http://wiki.centos.org/HowTos/Network/IPTables</a></li> </ul> <p>To disable iptables, run the following command as root or sudo:</p> <pre tabindex="0"><code># service iptables save # service iptables stop # chkconfig iptables off </code></pre><p>To disable iptables if you are using the ipv6 versions of iptables, run the following command as root or sudo:</p> <pre tabindex="0"><code># service ip6tables save # service ip6tables stop # chkconfig ip6tables off </code></pre><h2 id="red-hat-7-and-centos-7-systems">Red hat 7 and CentOS 7 systems:</h2> <p>To disable the system firewall, run the following command as root or sudo:</p> <pre tabindex="0"><code># systemctl mask firewalld # systemctl disable firewalld # systemctl stop firewalld </code></pre><h2 id="ubuntu-and-debian-systems">Ubuntu and debian systems</h2> <p>For details on how to configure iptables and allow specific ports to be open, see the platform-specific documentation for your platform:</p> <ul> <li> <p>Debian: <a href="https://wiki.debian.org/iptables">https://wiki.debian.org/iptables</a></p> </li> <li> <p>Ubuntu: <a href="https://help.ubuntu.com/12.04/serverguide/firewall.html">https://help.ubuntu.com/12.04/serverguide/firewall.html</a>.</p> </li> </ul> <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> Ubuntu uses the ufw program to manage iptables. </div> <p>To disable iptables on Debian, run the following command as root or sudo:</p> <pre tabindex="0"><code> $ /etc/init.d/iptables stop $ update-rc.d -f iptables remove </code></pre><p>To disable iptables on Ubuntu, run the following command:</p> <pre tabindex="0"><code>$ sudo ufw disable </code></pre><h2 id="suse-systems">SuSE systems</h2> <p>The firewall must be disabled on SUSE systems. To disable the firewall on SuSE systems, run the following command:</p> <pre tabindex="0"><code># /sbin/SuSEfirewall2 off </code></pre>