Hi,
Currently trying to implement iptables in the RedHat install. In and of itself not a hugely complicated task, but they want it locked down to open only the ports that are explicitly needed on each node, and I cannot find documentation that is that specific.
Here are the ports we have discovered to be needed by Domino.
tcp 22 SSH for administration
tcp 25 Email service
tcp 80 Access to Domino Web UI and API
tcp 443 Access to Domino Web UI and API
tcp 636 LDAP
tcp 2049 NFS
tcp 2379 Etcd (Kubernetes DB)
tcp 2380 Etcd (Kubernetes DB)
tcp 4505 Salt (configuration management)
tcp 4506 Salt (configuration management)
tcp 5000 Domino Docker Registry
tcp 6379 Redis (logging)
tcp 6443 Kubernetes API Port Access
tcp 8080 Kubernetes API Port Access (or SSH proxy node)
tcp 8285 Flannel (Kubernetes)
tcp 9000 Domino API Port
tcp 9001 Domino Git Server
tcp 9200 ElasticSearch (search)
tcp 9210 ElasticSearch (logging)
tcp 9300 ElasticSearch (search)
tcp 9310 ElasticSearch (logging)
tcp 10001 Java Debugger
tcp 10250 Kubelet Port
tcp 24224 Domino Fluentd
tcp 24225 Domino Fluentd
tcp 24321 Domino Fluentd
tcp 27017 MongoDB
tcp 30000:32767 Kubernetes Service Port Range
tcp 30200 Prometheus Monitoring
tcp 41414 Apache Flume
tcp 42185 Fluentd Syslog
tcp 49000:49999 SSH and Spark access to Domino Runs
Here is a picture of the current setup on AWS.

The question is what ports documented above need to be open on individual nodes?
Thanks,
Petter
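The lockdown asked about above, as an added example that is not part of the original post and not Domino's own code (the reply below says a complete iptables lockdown is not supported by Domino, so treat this as a generic illustration of the default-deny approach). The script turns a port list in the same "tcp PORT description" format as the post into an iptables-restore ruleset: INPUT policy DROP, loopback and established/related traffic allowed, and one ACCEPT rule per listed port. The cluster range 10.0.0.0/16, the choice of 22 and 443 as the only ports reachable from outside it, and the shortened port list are assumptions made for the example, not facts from the page.

```shell
#!/bin/sh
# Added example (not from the original post or from Domino): generate an
# iptables-restore ruleset for the INPUT chain from a "proto port ..." list.
# Nothing is applied; the ruleset goes to stdout so an operator can review it.

# Assumptions (not from the page): cluster nodes sit in 10.0.0.0/16 and only
# these ports may be reached from outside that range.
CLUSTER_CIDR="${CLUSTER_CIDR:-10.0.0.0/16}"
PUBLIC_PORTS="${PUBLIC_PORTS:-22 443}"

# Constructed input: a subset of the list from the post, same line format.
# Text after the port number is treated as a comment.
PORT_LIST='tcp 22 SSH for administration
tcp 443 Access to Domino Web UI and API
tcp 6443 Kubernetes API Port Access
tcp 10250 Kubelet Port
tcp 30000:32767 Kubernetes Service Port Range
tcp 49000:49999 SSH and Spark access to Domino Runs'

# True when $1 is one of the ports allowed from any source.
is_public() {
    for p in $PUBLIC_PORTS; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# One ACCEPT rule per line; iptables takes ranges as low:high in --dport.
# Lines with an unknown protocol or a non-numeric port are skipped, with a
# warning on stderr, rather than silently producing a rule that fails to load.
port_rules() {
    printf '%s\n' "$PORT_LIST" | while read -r proto port _; do
        case "$proto" in
            tcp|udp) ;;
            *) echo "skipping unsupported protocol '$proto'" >&2; continue ;;
        esac
        case "$port" in
            ''|*[!0-9:]*) echo "skipping malformed port '$port'" >&2; continue ;;
        esac
        if is_public "$port"; then
            printf '%s\n' "-A INPUT -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -s $CLUSTER_CIDR -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
}

# Full filter-table fragment: default-deny INPUT, then the allow rules.
# Only INPUT is touched; FORWARD is left alone because Docker and Kubernetes
# manage forwarding rules for pod traffic themselves.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
EOF
    port_rules
    echo "COMMIT"
}

# Number of INPUT rules in the generated set (4 base rules + one per port).
rule_count() {
    gen_ruleset | grep -c '^-A INPUT'
}

# Usage: GEN_RULESET_PRINT=1 sh gen_ruleset.sh | sudo iptables-restore --noflush
if [ "${GEN_RULESET_PRINT:-0}" = "1" ]; then
    gen_ruleset
fi
```

Load the output with `iptables-restore --noflush`: kube-proxy and Docker keep their own chains in the filter table, and a plain `iptables-restore` would flush them. The `ESTABLISHED,RELATED` rule is what keeps existing sessions, including the SSH session you are working from, alive after the DROP policy takes effect.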
Comments
1 comment
A complete iptables lockdown is not supported by Domino at this time so this will not be implemented.
Submitted by: petter.olsson