[Freeipa-devel] Correct firewall ports for multi-master replicas

Martin Kosek mkosek at redhat.com
Thu Jul 17 12:12:41 UTC 2014


On 07/14/2014 10:20 AM, Petr Spacek wrote:
> On 12.7.2014 08:40, James wrote:
>> Hi freeipa-devel,
>>
>> I just added automatic firewalling for puppet-ipa. (Disclaimer: it's
>> currently untested...)
>>
>> What I'm missing is an exact and exhaustive list of exactly which ports
>> each replica needs open for each other replica. I'm hoping that this
>> list is symmetrical.
> 
> AFAIK the ipa-replica-conncheck utility and the ipa-server-install script
> should show a list of required ports.
> 

The ipa-replica-conncheck list is a good start, but it does not, for example,
show ports of optional services, like DNS. You need to figure these out based
on installed optional services.

Martin



