When Swarm components such as SwarmNFS servers run on machines that have no direct access to the private network, you must make your Elasticsearch nodes reachable on the public network. Those ES nodes and their data must then be protected, and IPTables is one way to secure the ES nodes from unwanted access: it restricts access to specific components only.
These are the types of access needed to the Elasticsearch nodes:
- Content Gateway, CSN, Swarm Storage nodes, other ES nodes — internal, private network (control via ACCEPT on the private interface)
- SwarmNFS servers — public network (specify which IPs on the public interface)
- Elasticsearch management — allow port 22 access on the public network for ES node management
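As an added example (not from the Swarm documentation), this POSIX sh script turns the three access types above into an iptables-restore ruleset and includes an audit that flags any rule exposing the ES ports on the public interface without a source restriction. The interface names eth0/eth1, the Elasticsearch ports 9200/9300 and the SwarmNFS addresses are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not the Swarm documentation's own rules: build and audit an
# iptables ruleset that exposes an ES node only as the access list requires.
# Assumed values (not stated on the page): eth0 = private Swarm network,
# eth1 = public network, Elasticsearch on 9200/tcp (REST) and 9300/tcp (transport).
PRIV_IF="${PRIV_IF:-eth0}"
PUB_IF="${PUB_IF:-eth1}"
ES_PORTS="${ES_PORTS:-9200,9300}"

# gen_es_rules <swarmnfs-ip>... : print an iptables-restore(8) ruleset on stdout.
# The INPUT policy is DROP, so anything not listed here is refused on both interfaces.
gen_es_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Private network: Content Gateway, CSN, Storage nodes and other ES nodes
-A INPUT -i $PRIV_IF -j ACCEPT
# Public network: SSH for ES node management only
-A INPUT -i $PUB_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for ip in "$@"; do
        # Public network: only the named SwarmNFS servers may reach Elasticsearch
        echo "-A INPUT -i $PUB_IF -s $ip -p tcp -m multiport --dports $ES_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# unrestricted_public_es [file]: print any INPUT rule that admits an ES port on the
# public interface without a -s source restriction; exit status 1 if one is found.
# With no file argument it reads stdin, e.g. "iptables-save | unrestricted_public_es".
unrestricted_public_es() {
    awk -v pub="$PUB_IF" -v ports="$ES_PORTS" '
        BEGIN { gsub(",", "|", ports) }
        /^-A INPUT / && index($0, "-i " pub " ") && !/ -s / &&
            $0 ~ ("--dports? ([0-9]+,)*(" ports ")( |,|$)") { print; bad = 1 }
        END { exit bad }' "$@"
}

# Usage: sh es-fw.sh --print 203.0.113.10 203.0.113.11   (review the ruleset)
#        sh es-fw.sh --apply 203.0.113.10 203.0.113.11   (as root: load it)
#        sh es-fw.sh --audit                              (as root: check live rules)
case "${1:-}" in
    --print) shift; gen_es_rules "$@" ;;
    --apply) shift; gen_es_rules "$@" | iptables-restore ;;
    --audit) iptables-save | unrestricted_public_es ;;
esac
```

Run `--print` first and diff it against `iptables-save` output before `--apply`, since loading the ruleset replaces the whole filter table.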
Public Access via IPTables
Below are examples of how IPTables rules can be defined to allow SwarmNFS servers to access Elasticsearch nodes. These examples were derived from wiki.centos.org/HowTos/Network/IPTables. The example assumes these interfaces on ES nodes:
...