To permenantly enable selected web access to the cluster from other machines on the public network, follow the steps below. Apache's access control directives will provide protection for the most sensitive parts of the cluster web site, however some effort will be necessary to make effective use of them.
HTTP (web access protocol) is a clear-text channel into your cluster. Although the Apache webserver is mature and well tested, security holes in the PHP engine have been found and exploited. Opening web access to the outside world by following the instructions below will make your cluster more prone to malicious attacks and breakins.
Edit the /etc/sysconfig/iptables file and open up https and www traffic by changing the section:
... # http and https is allowed for all nodes on the public subnet -A INPUT -m state --state NEW -p tcp --dport https --source XXX.XXX.XXX.0/255.255.255.0 -j ACCEPT -A INPUT -m state --state NEW -p tcp --dport www --source XXX.XXX.XXX.0/255.255.255.0 -j ACCEPT ... other firewall directives ...
... # http and https is allowed for all nodes on the public subnet -A INPUT -m state --state NEW -p tcp --dport https -j ACCEPT -A INPUT -m state --state NEW -p tcp --dport www -j ACCEPT ... other firewall directives ...
Restart the iptables service. You must execute this command as the root user.
# service iptables restart
Test your changes by pointing a web browser to http://my.cluster.org/, where "my.cluster.org" is the DNS name of your frontend machine.
If you cannot connect to this address, the problem is most likely in your network connectivity between your web browser and the cluster. Check that you can ping the frontend machine from the machine running the web browser, that you can ssh into it, etc.