[Freeipa-users] ipa ports
Dmitri Pal
dpal at redhat.com
Wed May 23 23:27:11 UTC 2012
On 05/23/2012 05:40 PM, Jan-Frode Myklebust wrote:
> We have quite strict firewalls, so I need to specify the IPA network
> ports accurately. So, we now have openings for:
>
> 80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp
> 88/udp, 464/udp
>
> in to our first IPA server. Now I'm in the process of configuring the
> first replica. Are there any other ports that need to be opened between
> ipa master and replica?
>
> We don't serve NTP or DNS from IPA, so I guess these shouldn't be
> relevant, but I think we want dogtag replicated, so there are maybe some
> ports for that that need opening?
>
> Or, to put it another way, which of these ports:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Preparing_for_an_IPA_Installation.html#prereq-ports
>
> need to be opened between ipa servers, which for all clients, which for
> replicas and which for administrative clients?
>
> HTTP/HTTPS -- open for all
> LDAP/LDAPS -- open for all
> Kerberos -- open for all
> OCSP responder -- open for all if we use certs
>
> dogtag 9443 (agents) -- ?
> dogtag 9444 (users, SSL) -- ?
> dogtag 9445 (administrators) -- ?
> dogtag 9446 (users, client authentication) -- ?
> dogtag 9701 (Tomcat) -- ?
> dogtag 7389 (internal LDAP database) -- ?
>
>
Dogtag ports are now proxied via HTTP:
https://fedorahosted.org/freeipa/ticket/1334
I guess we need a doc bug to correct the documentation.
Opened: https://bugzilla.redhat.com/show_bug.cgi?id=824666

A replica can check its connectivity to the master it is created from by
using the ipa-replica-conncheck utility on the replica.
It seems that this is not documented.
Opened: https://bugzilla.redhat.com/show_bug.cgi?id=824667

> -jf
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
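
One way to confirm from the replica that the firewall passes the TCP ports listed in the question, as an added example that is not part of the original thread and is not how ipa-replica-conncheck itself works. The host name is a placeholder, and the "closed" versus "filtered" split assumes the firewall silently drops rather than rejects.

```python
import socket
import sys

# TCP ports the original message lists as opened towards the first IPA server.
# 88/udp and 464/udp are also listed there, but a UDP port cannot be confirmed
# with a simple connect, so this sketch covers TCP only.
IPA_TCP_PORTS = {
    80: "HTTP",
    88: "Kerberos",
    389: "LDAP",
    443: "HTTPS",
    464: "Kerberos kpasswd",
    636: "LDAPS",
}


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'closed' (refused) or 'filtered' (no answer in time)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # something answered with a reset: path is not dropped
    except socket.timeout:
        return "filtered"    # no reply at all: typical of a dropping firewall
    except OSError as exc:
        return "error: %s" % exc  # name resolution failure, no route, ...


def check_master(host, ports=IPA_TCP_PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in sorted(ports)}


def blocked(results):
    """Ports that did not accept a connection."""
    return [port for port, state in results.items() if state != "open"]


if __name__ == "__main__":
    # Placeholder host name; pass the real master as the first argument.
    master = sys.argv[1] if len(sys.argv) > 1 else "ipa-master.example.com"
    results = check_master(master)
    for port, state in results.items():
        print("%5d/tcp %-17s %s" % (port, IPA_TCP_PORTS[port], state))
    sys.exit(1 if blocked(results) else 0)
```

Run it on the replica before installation; a non-zero exit status means at least one of the listed TCP ports did not accept a connection.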