What network port numbers are required for Celerra/VNX, VNX2 File?
Excerpted from the following KB article:
45088 : Complete list of network ports used by Celerra.
https://support.emc.com/kb/45088
Celerra Data Mover (DM) or VNX/VNX2 Blade
Celerra/VNX/VNX2 Control Station (CS)
Default list of ports used by a Data Mover.
Port | Protocol | Service | Close port by stopping service? | Comments |
20 | TCP | FTP | Yes | FTP data transfer port. Close port by disabling FTP. |
21 | TCP | FTP | Yes | FTP control port. FTP listens on this port for incoming requests. Disable via netd file. |
69 | UDP | TFTP | Yes | TFTP listens on 69. After request is received a random port is selected for data transfer. TFTP is not started by default. Requests are not authenticated. |
111 | TCP/UDP | sunrpc | Yes | Opened by portmapper or rpcbind. Necessary service. No authentication. |
137 | UDP | NETBIOS Name Service | Yes | Needed for CIFS. Stop CIFS to close port. No authentication. NETBIOS is required for pre-Win2K. |
138 | UDP | NETBIOS Datagram Service | Yes | Needed for CIFS. Stop CIFS to close port. No authentication. NETBIOS is required for pre-Win2K. |
139 | TCP | NETBIOS Session Service | Yes | Needed for CIFS. Stop CIFS to close port. No authentication. NETBIOS is required for pre-Win2K. |
161 | UDP | SNMP | Yes | Authentication by community string. SNMP also used for some DM<->CS communication (e.g. server_netstat). Can be closed with functionality loss. |
445 | TCP | Microsoft-DS | Yes | Needed for CIFS. Authentication per Microsoft standard. Stop CIFS to close port. |
520 | UDP | router (RIP) | Yes | Router Information Protocol. |
1234 | TCP/UDP | mount | No | Mount service required for NFS (v2 and v3). Also used in CS<->DM communication. Authenticated. |
2049 | TCP/UDP | NFS | No | Required for NFS. Also used in CS<->DM communication. Authenticated. |
4647 | UDP | lockd forward | Yes | Used for DM NFS Cluster functionality on the internal Celerra network. Not a public service. |
4658 | TCP | PAX | No | Portable Archive Interchange (PAX) service is used for tape backup functionality on the internal Celerra Network between CS and DM. PAX can be disabled if local tape backup is not implemented. |
5033 | TCP | NBS | No | Network Block Service (NBS) is a proprietary EMC protocol allowing block access to devices over IP networks. Precursor to iSCSI. CHAP authentication for NBS connectivity. NS platforms require NBS for CS access to control volume file systems. Since NBS is only used internally, the port can be placed behind a firewall. NBS service is required. |
5080 | TCP | HTTP | Yes | HTTP is used as a transport medium for Filemover (ILM policy engine to DM; HTTP digest authentication) and some CS<->DM communication. HTTP is required and cannot be disabled. Only needed over the private Celerra network. Access to HTTP by external agents is disabled by default. |
5085 | TCP | RCP | Yes | Used by Celerra Replicator V2 as Destination Control Port. |
8887 | TCP | RCP | Yes | Used by Celerra Replicator during a target to source resync. This port must be open between the source and target Data Movers. |
8888 | TCP | RCP | Yes | Used by Celerra Replicator. This port must be open between Data Movers on both sides of a replication session. |
10000 | TCP | NDMP | Yes | Network Data Management Protocol. Can be disabled if NDMP tape backup is not implemented. Authenticated service. |
12345 | TCP | usermapper | Yes | Usermapper provides SID to UID and GID mappings for CIFS clients. Usermapper is a core Celerra service and cannot be stopped. The port can be placed behind a firewall. Ensure that all DMs needing Usermapper have access to the port. |
31491 | UDP | RFA | No | Remote File Access. A core Celerra service used with NFS. This service is required. |
38914 | UDP | nfs forward | Yes | Port is used by DART NFS Cluster product. Not needed by external clients, only on private Celerra network. Can be put behind firewall. |
49152 - 65335 | TCP/UDP | statd | Yes | NFS file locking status monitor. Works with lockd to provide NFS recovery handling. |
49152 - 65335 | TCP/UDP | rquotad | Yes | rquotad provides quota information to NFS clients. Clients use 'quota' command to query rquotad via RPC. Authenticated. |
49152 - 65335 | TCP/UDP | lockd | Yes | NFS file-locking daemon. Handles NFS client lock requests. |
49152 - 65335 | TCP/UDP | MAC | No | A proprietary management protocol used in CS<->DM communication. Service cannot be stopped. Only used on the Celerra private network. |
List of default ports used by a Control Station.
Port | Protocol | Service | Close Port by Stopping Service? | Comments |
22 | TCP | SSH | Yes; not recommended | Default shell for CS CLI. Telnet is disabled by default. Authenticated based on local CS users. |
80 | TCP | HTTP | No | All HTTP management traffic to this port is automatically redirected to port 443. |
111 | TCP/UDP | sunrpc | No | Used by portmapper and rpcbind. No authentication. Required service. |
161 | UDP | SNMP | Yes | Authentication by community string. Can be disabled with SNMP functionality loss. |
443 | TCP | HTTPS | No | Used for HTTPS management traffic by Celerra WebUI. Authentication based on local CS users. |
6389 | TCP | Navicli | No | CLARiiON management traffic port used by navicli. Port can be placed behind a firewall. |
8000 | TCP | HTTP | Yes | CS to CS communication for replication management. Authentication by explicit trust relationship (nas_cel); signed HTTP requests. Celerra Monitor also uses this port. Monitor authentication through a session token. Recommendation is to leave this port open. |
8014 | TCP | Java | No | CLARiiON agent to jserver communication. Used only for internal CS communication. |
8712 | TCP | NBS | No | NBS access to CS file systems via the Data Movers. Restricted to the Celerra private network. |
9823 | TCP | nas_mcd | No | NAS Master Control Daemon (nas_mcd) uses this port to communicate with remote nas_mcd processes on other CSs. This includes CS0<->CS1 communication and, in RDF environments, source CS <-> target CS communication. No authentication. nas_mcd is the master daemon which starts and monitors the other CS NAS processes. Both MirrorView for Celerra/VNX File and SRDF for Celerra/VNX File require this port to be open between Source and Destination sites. |
32768 | TCP/UDP | statd | Yes | Dynamically allocated. Can be closed but not recommended. |
39494 | TCP/UDP | lockd | Yes | Dynamically allocated. Can be closed but not recommended. |
Ports which a Data Mover might contact.
Protocol | Port | Purpose | On what host(s) |
TCP/UDP | 53 | DNS | All Win2K and above Domain Controllers / DNS servers. |
TCP/UDP | 88 | Kerberos Ticket | All Kerberos Key Distribution Centers (KDCs); Windows and UNIX. |
TCP/UDP | 111 | Portmapper | All NFS clients, VC servers, NIS servers. |
TCP/UDP | 137 | WINS | All WINS servers. |
UDP | 138 | NETBIOS Datagram Service | All CIFS clients. Used for notifications and popups. |
TCP | 139 | NETBIOS Session Service | All Windows NT Domain Controllers. |
UDP | 161 | SNMP | All hosts configured to receive Data Mover traps. |
TCP/UDP | 389 | LDAP | All Win2K and above DCs or other LDAP servers. |
UDP | 3268 | LDAP | Queries to Win2K and above General Catalog. |
TCP | 445 | Microsoft-DS | All Windows Domain Controllers. |
TCP/UDP | 464 | Kerberos Password | All Win2K and above DCs or other KPASSWD servers. |
TCP/UDP | 625 | FMP | All Windows MPFS clients. |
TCP/UDP | 6907 | FMP | All UNIX MPFS clients. |
TCP/UDP | Dynamic | lockd | All NFS clients. |
TCP/UDP | Dynamic | statd | All NFS clients. |
TCP/UDP | Dynamic | NIS | NIS servers. |