Still no definitive answers... My testing shows that both the NiFi UI port (e.g., 8080) and the data port (e.g., 8081) must be open in both directions through a firewall. Even with those iptables rules, it seems something is missing. I will figure it out eventually, and let everyone know what's required to use Nifi across firewall boundaries.
Rick

-----Original Message-----
From: Rick Braddy
Sent: Monday, October 05, 2015 10:18 AM
To: [email protected]
Subject: RE: Remote process group networking

Let me ask this in a simpler way... for Nifi Remote Process Group communications across firewall boundaries, which ports must be open through firewalls between a source node running the local graph processes and the Remote Process Group node?

Rick

-----Original Message-----
From: Rick Braddy [mailto:[email protected]]
Sent: Saturday, October 03, 2015 4:59 PM
To: [email protected]
Subject: Remote process group networking

I have a question about network paths required for proper operation of remote process groups.

By default, the initial connection from source node to remote process group target node is on port 8080. Then, there's a second port (e.g., I set it to 8081 and a setting for whether it's SSL secured or not).

The question is, are the TCP connections one way, from source node where graph is running to the remote process group's node only, or are bidirectional TCP connections required?

The reason I ask is that I am encountering problems trying to connect from a data center that has an open outbound firewall, but allows no incoming connections. On the target node, there is no indication in nifi-app.log of the source node even attempting to connect (not sure if debug logging is required).

If there's some other information on remote process group network topology setup and/or troubleshooting, it would be great to read up on it.

Thanks
Rick
