[Freeipa-users] Confirming no extra/special ports need to be opened for replication traffic?
Martin Babinsky
mbabinsk at redhat.com
Wed Dec 14 17:17:15 UTC 2016
On 12/14/2016 05:50 PM, Chris Dagdigian wrote:
>
> Been reading various generations of documentation to find out if I need
> additional TCP or UDP ports opened for IPA replication between
> VPN-connected datacenters.
>
> I think the modern answer is no? We just need the standard IPA ports
> open between all of the IPA master/replicas that chat to each other?
>
> TCP Ports:
> * 80, 443: HTTP/HTTPS
> * 389, 636: LDAP/LDAPS
> * 88, 464: kerberos
> * 53: bind
> UDP Ports:
> * 88, 464: kerberos
> * 53: bind
> * 123: ntp
>
>
> -Chris
>
>
Hi Chris,
IIRC, in IPA v3.0 port 7389 was used for CA replication, but in
more recent versions this is not required anymore.
--
Martin^3 Babinsky
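
An added example, not part of either message: a small checker that compares a firewall allow-list against the port list quoted in this thread and reports what is missing between replicas. It assumes the allow-list is given as space-separated `port/proto` or `low-high/proto` tokens (the format `firewall-cmd --list-ports` prints); the function names, the `legacy_ca_port` switch, and the sample input are constructed for illustration.

```python
import re

# Ports listed in the thread as the standard IPA ports between masters/replicas.
REQUIRED = {
    "tcp": {80, 443, 389, 636, 88, 464, 53},
    "udp": {88, 464, 53, 123},
}
# The reply recalls this port being used for CA replication in IPA v3.0 only.
LEGACY_CA_REPLICATION = ("tcp", 7389)

_ENTRY = re.compile(r"^(\d+)(?:-(\d+))?/(tcp|udp)$")


def parse_open_ports(listing):
    """Parse 'port/proto' and 'low-high/proto' tokens into per-protocol ranges."""
    ranges = {"tcp": [], "udp": []}
    for token in listing.split():
        m = _ENTRY.match(token.lower())
        if not m:
            raise ValueError(f"unrecognised entry: {token!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port range: {token!r}")
        ranges[m.group(3)].append((low, high))
    return ranges


def missing_ipa_ports(listing, legacy_ca_port=False):
    """Return sorted (proto, port) pairs from the thread's list that are not open."""
    ranges = parse_open_ports(listing)
    wanted = {(proto, p) for proto, ports in REQUIRED.items() for p in ports}
    if legacy_ca_port:
        wanted.add(LEGACY_CA_REPLICATION)
    return sorted(
        (proto, port) for proto, port in wanted
        if not any(lo <= port <= hi for lo, hi in ranges[proto])
    )


# Constructed sample: a replica's allow-list with LDAPS and NTP forgotten.
SAMPLE = "80/tcp 443/tcp 389/tcp 88/tcp 464/tcp 53/tcp 88/udp 464/udp 53/udp"

if __name__ == "__main__":
    for proto, port in missing_ipa_ports(SAMPLE):
        print(f"missing {port}/{proto}")
```

Named firewalld services (for example an entry added with `--add-service`) do not appear in a ports listing, so an empty result from this check is only meaningful when the rules were added as explicit ports.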