By default, Galera Cluster may require all or some of the following ports to be open between the nodes:
For example, in a LAN environment the iptables configuration on each node may look as follows:
# iptables -A INPUT -i eth0 -p tcp -m tcp --source 192.168.0.1/24 --dport 3306 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp -m tcp --source 192.168.0.1/24 --dport 4567 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp -m tcp --source 192.168.0.1/24 --dport 4568 -j ACCEPT
# iptables -A INPUT -i eth0 -p tcp -m tcp --source 192.168.0.1/24 --dport 4444 -j ACCEPT
In a WAN environment, this setup may be tedious to manage. Alternatively, with not much loss of security, you can simply open a full range of ports between trusted hosts:
# iptables -A INPUT -p tcp -s 64.57.102.34 -j ACCEPT
# iptables -A INPUT -p tcp -s 193.166.3.2 -j ACCEPT
Note
The IP addresses in the example are for demonstration purposes only. Use the real values from your nodes and netmask in your iptables configuration.