On 5/10/2017 11:40 AM, msouthwick wrote:
> I have 2 zookeepers, 2 shards and 2 replica shards in my setup. Everything
> was working just fine until I enabled the firewall. I started by allowing
> ports: 1099, 2181, 2888, 3888, 8983. Now I get the following in the
> zookeeper log.
>
> 2017-05-10 11:04:11,300 [myid:1] - INFO
> [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] -
> Accepted socket connection from /151.155.70.24:43248
<snip>
> It looks to me that the port is being changed in this example to 43248. This
> number changes so I opened a range of ports from 43000 to 43300 in hopes
> that this would fix the issue but as you can see it didn't.

That's the source port on the client side of the TCP connection. 2181 is the destination port on the server side.

Although most firewalls are CAPABLE of restricting traffic by the source port, it is rare for such restrictions to be configured intentionally. The source port is basically unpredictable without extensive knowledge of a client's TCP stack implementation.

The source port range for Linux machines is typically 32768 to 61000. It can be configured, but unless you are absolutely certain that you MUST configure this, you should not worry about changing it. Other client operating systems may use a different port range, but it will generally have thousands of possible ports available.

Thanks,
Shawn
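An added example, not part of either message: it parses the log line quoted above into its destination and source ports, then opens several loopback connections to show that the listener port stays fixed while each client gets a different source port. The function names are illustrative, and a listener on an arbitrary free port stands in for ZooKeeper's 2181.

```python
import re
import socket

# Log line quoted in the post above (joined onto one line).
LOG_LINE = ("2017-05-10 11:04:11,300 [myid:1] - INFO "
            "[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - "
            "Accepted socket connection from /151.155.70.24:43248")
ACCEPT_RE = re.compile(r":(\d+):NIOServerCnxnFactory@\d+\] - "
                       r"Accepted socket connection from /([\d.]+):(\d+)")

def parse_accept(line):
    """Return (server_listen_port, client_ip, client_source_port) or None."""
    m = ACCEPT_RE.search(line)
    return (int(m.group(1)), m.group(2), int(m.group(3))) if m else None

def observe_source_ports(n=5):
    """Open n loopback connections to one listener; return (listen_port, source_ports)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # assumption: any free port stands in for 2181
    srv.listen(n)
    listen_port = srv.getsockname()[1]
    clients, source_ports = [], []
    try:
        for _ in range(n):
            clients.append(socket.create_connection(("127.0.0.1", listen_port)))
            conn, peer = srv.accept()
            source_ports.append(peer[1])  # the number the server would log
            conn.close()
    finally:
        for c in clients:  # clients stay open until here, so ports cannot repeat
            c.close()
        srv.close()
    return listen_port, source_ports

def local_port_range():
    """Configured ephemeral range on Linux as (low, high), or None elsewhere."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            low, high = map(int, f.read().split())
        return low, high
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    print("parsed from the log:", parse_accept(LOG_LINE))
    port, sources = observe_source_ports()
    print("listener (destination) port:", port, "client source ports:", sources)
    print("ephemeral range on this host:", local_port_range())
```

An inbound firewall rule for the server therefore matches on the destination port (2181 here) and leaves the source port unconstrained.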
