[Freeipa-users] ipa ports
Jan-Frode Myklebust
janfrode at tanso.net
Wed May 23 21:40:30 UTC 2012
We have quite strict firewalls, so I need to specify the IPA network
ports accurately. So, we have now opening for:
80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp
88/udp, 464/udp
in to our first IPA server. Now I'm in the process of configuring the
first replica. Is there any other ports that needs to be opened between
ipa master and replica?
We don't serve NTP or DNS from IPA, so I guess these shouldn't be
relevant, but I think we want dogtag replicated, so there's maybe some
ports for that that needs opening ?
Or, to put it another way, which of these ports:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html#prereq-ports
needs to be opened between ipa server, which for all clients, which for
replica and which for administrative clients ?
HTTP/HTTPS -- open for all
LDAP/LDAPS -- open for all
Kerberos -- open for all
OCSP responder -- open for all if we use certs
dogtag 9443 (agents) -- ?
dogtag 9444 (users, SSL) -- ?
dogtag 9445 (administrators) -- ?
dogtag 9446 (users, client authentication) -- ?
dogtag 9701 (Tomcat) -- ?
dogtag 7389 (internal LDAP database) -- ?
-jf
More information about the Freeipa-users
mailing list