Firewalls and Ports

Make sure your port settings are configured correctly for firewalls.

For each GemFire XD member, there are two different port settings you may need to be concerned with regarding firewalls:

Also, each member that hosts a gateway receiver uses a range of ports to listen for incoming communication from one or more gateway senders, for replicating data between multiple GemFire XD distributed systems.

Limiting Ephemeral Ports for Peer-to-Peer Membership

By default, GemFire XD uses ephemeral ports for UDP messaging and TCP failure detection. Ephemeral ports are temporary ports assigned from a designated range, which can encompass a large number of possible ports. When a firewall is present, the ephemeral port range usually must be limited to a much smaller number, for example six. If you are configuring P2P communications through a firewall, you must also set the TCP port for each process and ensure that UDP traffic is allowed through the firewall.
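An added example (not part of the GemFire XD documentation) that audits a member's properties against the guidance above and lists the ports a firewall would have to admit. The key=value file syntax, the low-high range notation, the host[port] locator notation, the sample hosts and ports, and the MAX_RANGE_WIDTH policy value are assumptions of the example; the defaults are the ones in this page's Default Ports table.

```python
import re

# Defaults taken from the "Default Ports" table on this page.
DEFAULTS = {"membership-port-range": "1024-65535", "tcp-port": "0", "mcast-port": "10334"}
MAX_RANGE_WIDTH = 16  # assumed site policy; the page only says "for example six"

# Constructed sample property sets (hostnames and port numbers are made up).
DEFAULT_SAMPLE = "locators=locator1.example.com[10334]\n"
HARDENED_SAMPLE = """# narrowed for a firewalled peer
locators=locator1.example.com[10334]
mcast-port=0
membership-port-range=41000-41005
tcp-port=41010
"""

def parse_properties(text):
    """Parse key=value lines over the defaults, skipping blanks and # comments."""
    props = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (findings, rules); each rule is (protocol, low, high, purpose)."""
    findings, rules = [], []
    match = re.fullmatch(r"(\d+)-(\d+)", props["membership-port-range"])
    low, high = (int(match[1]), int(match[2])) if match else (0, 0)
    if not 1 <= low <= high <= 65535:
        findings.append("membership-port-range is not a valid low-high range")
    elif high - low + 1 > MAX_RANGE_WIDTH:
        findings.append(f"membership-port-range spans {high - low + 1} ports; narrow it")
    else:
        rules += [("udp", low, high, "unicast messaging"), ("tcp", low, high, "failure detection")]
    ports = {k: int(props[k]) if props[k].isdecimal() else -1 for k in ("tcp-port", "mcast-port")}
    findings += [f"{k} is not a valid port number" for k, v in ports.items() if not 0 <= v <= 65535]
    tcp, mcast = ports["tcp-port"], ports["mcast-port"]
    if tcp == 0:
        findings.append("tcp-port is 0 (ephemeral); set a fixed port")
    elif 0 < tcp <= 65535:
        rules.append(("tcp", tcp, tcp, "cache communications"))
    if 0 < mcast <= 65535:  # zero disables multicast discovery
        rules.append(("udp", mcast, mcast, "multicast discovery"))
    for host, port in re.findall(r"([^,\[\s]+)\[(\d+)\]", props.get("locators", "")):
        rules.append(("tcp", int(port), int(port), f"locator {host}"))
    return findings, rules
```

Apply the returned rules only when the findings list is empty; a wide or invalid membership range produces a finding instead of a rule, so it never turns into a firewall opening.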

Properties for Firewall and Port Configuration

The following tables contain properties potentially involved in firewall behavior, with a brief description of each property. Click on a property name for a link to the Configuration Properties reference topic.

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| peer-to-peer config | conserve-sockets | Specifies whether sockets are shared by the system member's threads. |
| peer-to-peer config | locators | The list of locators used by system members. The list must be configured consistently for every member of the distributed system. |
| peer-to-peer config | mcast-address | Address used to discover other members of the distributed system. Only used if mcast-port is non-zero. This attribute must be consistent across the distributed system. |
| peer-to-peer config | mcast-port | Port used, along with the mcast-address, for multicast communication with other members of the distributed system. If zero, multicast is disabled for member discovery and distribution. |
| peer-to-peer config | membership-port-range | The range of ephemeral ports available for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system. |
| peer-to-peer config | tcp-port | The TCP port to listen on for cache communications. |

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| JMX manager config | jmx-manager-hostname-for-clients | Hostname or IP address to pass to the client as the location where the server is listening. |
| member config | gemfirexd.drda.portNumber or -client-port option to the gfxd server and gfxd locator commands. | Port that the member listens on for client communication. |

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| multi-site (WAN) config | -remote-locators option to the gfxd locator command. | List of locators (and their ports) that are available on the remote WAN site. |
| multi-site (WAN) config | HOSTNAMEFORSENDERS option to the CREATE GATEWAYRECEIVER command. | Hostname or IP address of the gateway receiver used by gateway senders to connect. |
| multi-site (WAN) config | STARTPORT and ENDPORT OPTIONS to the CREATE GATEWAYRECEIVER | Port range that the gateway receiver can use to listen for gateway sender communication. |

Default Ports

| Port Name | Related Configuration Setting | Default Port |
|---|---|---|
| Gateway Receiver | STARTPORT and ENDPORT OPTIONS to the CREATE GATEWAYRECEIVER | 5000 to 5500 |
| HTTP | jmx-manager-http-port | 7070 |
| Locator | gfxd locator command. | 10334 |
| Membership Port Range | membership-port-range | 1024 to 65535 |
| Multicast | mcast-port | 10334 |
| RMI | jmx-manager-port | 1099 |
| TCP | tcp-port | 0 (ephemeral port) |