Steven Jones wrote:
This is becoming a bit of a grind...
Anyway, either I have not found it yet, or a definitive set of ports
that need to be open isn't there. This is my best shot so far.
Have I missed any, or are there some that aren't needed?
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:88
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:464
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:443
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:123
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:389
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:389
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:636
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:636
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:7389
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:7389
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:9180
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:9180
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:9444
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:9444
ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:9445
ACCEPT udp -- 192.168.100.0/24 0.0.0.0/0 udp dpt:9445
If you set up IPA as a DNS server you'll want to allow port 53.
You don't need udp for 9180, 9444 and 9445.
You probably don't need 9180, 9444 and 9445 open at all. You need 7389
open only if you are doing replication (and you might want to restrict
it to those hosts that it replicates to).
rob
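As an added example (not from either poster, and not part of FreeIPA itself), the following POSIX shell script turns Rob's advice into a reviewable rule set: it keeps the client-facing ports from Steven's list, drops 9180/9444/9445 entirely, opens 7389 only to explicitly named replica hosts rather than the whole subnet, and adds port 53 only when the IPA server is also the DNS server. The subnet, replica address and the choice to open 53 on both tcp and udp are assumptions for illustration; the script prints iptables commands instead of applying them, so the output can be checked before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or the FreeIPA project.
# Prints iptables commands for the ports discussed in the thread, applying
# Rob's reply: no UDP (and no rules at all) for 9180/9444/9445, 7389 only
# from replica hosts, and 53 only when IPA serves DNS.
# All inputs below (subnet, replica addresses) are made-up sample values.

# ipa_firewall_rules CLIENT_NET "REPLICA_IP ..." DNS(yes|no)
ipa_firewall_rules() {
    net=$1
    replicas=$2
    dns=$3

    # Client-facing tcp ports kept from the original list.
    for p in 80 88 464 443; do
        echo "iptables -A INPUT -p tcp -s $net --dport $p -j ACCEPT"
    done

    # NTP is udp only, as in the original list.
    echo "iptables -A INPUT -p udp -s $net --dport 123 -j ACCEPT"

    # LDAP and LDAPS on both protocols, as in the original list.
    for p in 389 636; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -p $proto -s $net --dport $p -j ACCEPT"
        done
    done

    # Replication port: only from the named replica hosts, never from the
    # whole client subnet. With an empty replica list, nothing is opened.
    for host in $replicas; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -p $proto -s $host/32 --dport 7389 -j ACCEPT"
        done
    done

    # DNS (assumed tcp and udp) only when IPA is the DNS server.
    if [ "$dns" = yes ]; then
        for proto in tcp udp; do
            echo "iptables -A INPUT -p $proto -s $net --dport 53 -j ACCEPT"
        done
    fi
}

# Count generated rules matching PATTERN; handy for checking that a given
# port is (or is not) opened by a particular input combination.
# ipa_rule_count CLIENT_NET "REPLICA_IP ..." DNS PATTERN
ipa_rule_count() {
    ipa_firewall_rules "$1" "$2" "$3" | grep -c -- "$4" || true
}

# Sample run with a single replica and IPA acting as DNS server.
ipa_firewall_rules 192.168.100.0/24 "192.168.100.11" yes
```

Running the script prints the rule set for review; `ipa_rule_count` is there so an administrator can confirm, for example, that with no replicas listed there is no 7389 rule at all, and that 9180/9444/9445 never appear.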
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users