Bug #3359
closed
Documentation for iptables rules requirements
Added by Duncan Innes about 11 years ago.
Updated over 6 years ago.
Description
Whilst it might not be the most difficult thing to track down the firewall requirements for Foreman when installing on systems which require iptables lockdown, there doesn't seem to be any mention of the requirements in the documentation.
It would be helpful if there was advice on which ports/protocols are required for Foreman deployments of different types, i.e. Foreman standalone, separate database, various types of smart-proxy, etc.
Happy to help with writing this up - will be my first effort in Markdown though. Is there a definitive list of port requirements anywhere? Assistance on where this would fit in the documentation would also be a help.
Thanks for the offer, that'd be much appreciated.
So the following ports are usually used:
- HTTP (80/tcp), HTTPS (443/tcp) for access to Foreman
- 8443/tcp for access to the proxy - should only be opened to the Foreman host if they're separate
- 8140/tcp for the Puppet master
- 67-68/udp for DHCP proxy servers
- 69/udp for TFTP proxy servers (installed by default on the Foreman all-in-one)
- 53/udp and 53/tcp for DNS proxy servers
I would suggest repurposing section 3.1 in the manual from "Supported Platforms" to System or Installation Requirements, move platforms to 3.1.1 and add network/firewall config into 3.1.2 or similar.
The source for the manual is on GitHub in the theforeman.org project. Here's section 3.1 specifically: https://github.com/theforeman/theforeman.org/blob/gh-pages/_includes/manuals/1.3/3.1_platforms.md. As you said, it's Markdown, but the formatting's easy.
The sections are managed and put together in this top level file:
https://github.com/theforeman/theforeman.org/blob/gh-pages/manuals/1.3/index.md
See the repo README file for how to bring up a test instance of the website locally too.
I missed out databases, which would be 3306/tcp for MySQL and 5432/tcp for PostgreSQL.
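The two port lists above (the services in the earlier comment plus the MySQL/PostgreSQL ports added here) can be turned into per-role iptables rules. The following is an added example, not code from the ticket or from the Foreman project: a POSIX shell function that prints the INPUT rules a host needs for the roles it runs. The role names, the `FOREMAN_HOST` address and the decision to open the database ports only to the Foreman host (the same least-privilege treatment the comment above gives to 8443/tcp) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Foreman project code): print iptables INPUT rules for the
# ports this ticket lists, selected by host role.
# FOREMAN_HOST is a constructed documentation address; set it to the real
# Foreman server when a proxy or database host is separate from Foreman.
FOREMAN_HOST="${FOREMAN_HOST:-192.0.2.10}"

# fw_rule PROTO PORT[:PORT] [SOURCE]
# Emit one ACCEPT rule, restricted to SOURCE when given.
fw_rule() {
    if [ -n "${3:-}" ]; then
        printf 'iptables -A INPUT -p %s -s %s --dport %s -j ACCEPT\n' "$1" "$3" "$2"
    else
        printf 'iptables -A INPUT -p %s --dport %s -j ACCEPT\n' "$1" "$2"
    fi
}

# foreman_fw_rules ROLE [ROLE...]
# Roles (assumed names): foreman proxy puppetmaster dhcp tftp dns mysql postgresql
# Returns 1 on an unknown role so a typo does not silently leave a port closed.
foreman_fw_rules() {
    for role in "$@"; do
        case "$role" in
            foreman)      fw_rule tcp 80; fw_rule tcp 443 ;;            # web UI / API
            proxy)        fw_rule tcp 8443 "$FOREMAN_HOST" ;;           # smart proxy, Foreman host only
            puppetmaster) fw_rule tcp 8140 ;;                           # Puppet agents
            dhcp)         fw_rule udp 67:68 ;;                          # DHCP proxy
            tftp)         fw_rule udp 69 ;;                             # TFTP proxy
            dns)          fw_rule udp 53; fw_rule tcp 53 ;;             # DNS proxy
            mysql)        fw_rule tcp 3306 "$FOREMAN_HOST" ;;           # DB, Foreman host only (assumption)
            postgresql)   fw_rule tcp 5432 "$FOREMAN_HOST" ;;           # DB, Foreman host only (assumption)
            *) printf 'unknown role: %s\n' "$role" >&2; return 1 ;;
        esac
    done
}

# Usage: review the output first, then apply it as root, e.g.
#   foreman_fw_rules foreman puppetmaster tftp        # all-in-one host
#   foreman_fw_rules foreman puppetmaster tftp | sh   # apply as root
```

The function only prints rules, so it can be reviewed (or diffed against the running ruleset) before anything is applied; a default-deny INPUT policy and the usual `ESTABLISHED,RELATED` rule are assumed to be in place already.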
Sounds like the right way forward to me. I'll knock some text together and see what I come up with.
3.1 (System|Installation) Requirements
3.1.1 Platforms
3.1.2 Firewall Config
- Status changed from New to Closed
- Assignee set to Duncan Innes
- Target version set to 1.15.0
- % Done changed from 0 to 100