Steven Jones wrote:
This is becoming a bit of a grind....

Anyway, either I have not found it yet, or a definitive set of ports
that need to be open isn't there. This is my best shot so far:

Have I missed any or are there some not needed?

ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:88
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:464
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:443
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:123
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:389
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:389
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:636
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:636
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:7389
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:7389
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:9180
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:9180
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:9444
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:9444
ACCEPT     tcp  --  192.168.100.0/24     0.0.0.0/0           tcp dpt:9445
ACCEPT     udp  --  192.168.100.0/24     0.0.0.0/0           udp dpt:9445


If you set up IPA as a DNS server you'll want to allow port 53.

You don't need udp for 9180, 9444 and 9445.

You probably don't need 9180, 9444 and 9445 open at all. You need 7389 open only if you are doing replication (and you might want to restrict it to those hosts that it replicates to).

rob
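As an added example (not from the thread, and not FreeIPA project code), here is a small POSIX sh script that prints an iptables rule set trimmed along the lines of Rob's reply, so it can be reviewed before anything is applied. The client subnet, the DNS choice and the replica list are placeholders; UDP for ports 88 and 464 is included because Kerberos and kpasswd use both transports, which the original list did not show.

```shell
#!/bin/sh
# Added example: print FreeIPA firewall rules following the advice above.
# Nothing is applied; review the output, then pipe it to sh if it looks right.
#   usage: freeipa_rules <client_net> <ipa_is_dns yes|no> [replica_ip ...]

# Print one iptables command for a protocol/port/source triple.
rule() { # proto port source
    printf 'iptables -A INPUT -p %s -s %s --dport %s -j ACCEPT\n' "$1" "$3" "$2"
}

freeipa_rules() {
    net="$1"; is_dns="$2"; shift 2        # remaining args are replica IPs
    # Core services over TCP: HTTP/HTTPS, Kerberos, kpasswd, LDAP, LDAPS.
    for p in 80 443 88 464 389 636; do rule tcp "$p" "$net"; done
    # Kerberos and kpasswd also answer over UDP; NTP is UDP only.
    for p in 88 464 123; do rule udp "$p" "$net"; done
    # DNS only when IPA serves it; TCP too, since large answers fall back to it.
    if [ "$is_dns" = yes ]; then
        rule udp 53 "$net"; rule tcp 53 "$net"
    fi
    # Replication (7389): TCP only, and only from the named replica hosts,
    # never from the whole client subnet.
    for r in "$@"; do rule tcp 7389 "$r"; done
    # 9180, 9444 and 9445 from the original list are left closed, per the reply.
}

# Stand-alone run with placeholder values (constructed, not real hosts).
freeipa_rules "${CLIENT_NET:-192.168.100.0/24}" "${IPA_IS_DNS:-yes}" ${REPLICAS:-}
```

After applying, `iptables -L -n` should show the same port list; any UDP rule for 9180, 9444 or 9445 still present is a leftover to remove.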

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
