Open firewall TCP ports 4505 and 4506 only in direction minion --> master?

Markus Kramer

Jul 15, 2016, 6:34:51 AM
to Salt-users
My salt-master is version 2015.5.5 (which I will update ASAP).
Some of my minions are behind a firewall.


The firewall admin wants this table from me:
    | Source | Destination | Port | Type |
    |--------+-------------+------+------|
    |        |             |      |      |


I assume a firewall opens a port depending on the direction (source --> destination).

After reading https://docs.saltstack.com/en/latest/topics/tutorials/firewall.html I don't understand:
do I need to allow TCP ports 4505 and 4506 in both directions?

    | Source  | Destination | Port | Type |
    |---------+-------------+------+------|
    | minion1 | master      | 4505 | TCP  |
    | minion1 | master      | 4506 | TCP  |
    | master  | minion1     | 4505 | TCP  |
    | master  | minion1     | 4506 | TCP  |

or is it enough to allow TCP ports 4505 and 4506 only in direction from minion to master (because the ports "need to be accessible on the master only" and they are "incoming connections")?

    | Source  | Destination | Port | Type |
    |---------+-------------+------+------|
    | minion1 | master      | 4505 | TCP  |
    | minion1 | master      | 4506 | TCP  |


Thank you,
Markus

Steve Hajducko

Jul 15, 2016, 12:09:28 PM
to Salt-users
You only need to open them from the minion to the master.  The master doesn't make incoming connections, so it'd be your second example table.

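The minion-to-master direction from the answer above, written out as master-side rules. This is an added example, not part of the original thread: it assumes a stateful iptables host firewall on the master's INPUT chain, and the function names and the minion sources 192.0.2.10 and 198.51.100.0/24 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a Salt master.
# Only NEW connections from minions to TCP 4505/4506 are allowed in.

# Return 0 if $1 is an IPv4 address with an optional /prefix length.
valid_source() {
    case $1 in
        */*) vs_prefix=${1#*/}
             case $vs_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$vs_prefix" -le 32 ] || return 1 ;;
    esac
    vs_ip=${1%%/*}
    case $vs_ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    vs_old_ifs=$IFS; IFS=.
    set -- $vs_ip            # split the address into octets
    IFS=$vs_old_ifs
    [ "$#" -eq 4 ] || return 1
    for vs_octet in "$@"; do
        [ "${#vs_octet}" -le 3 ] && [ "$vs_octet" -le 255 ] || return 1
    done
}

# Print the master-side rules for the minion sources given as arguments.
salt_master_rules() {
    [ "$#" -gt 0 ] || { echo "usage: salt_master_rules SOURCE..." >&2; return 2; }
    for smr_src in "$@"; do
        valid_source "$smr_src" || { echo "invalid source: $smr_src" >&2; return 1; }
    done
    # Replies on connections the minions opened are matched by conntrack
    # state, which is why no master -> minion rule is needed.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for smr_src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $smr_src -m multiport --dports 4505,4506 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Any other source reaching the Salt ports is dropped.
    echo "iptables -A INPUT -p tcp -m multiport --dports 4505,4506 -j DROP"
}

# Constructed minion sources (documentation address ranges).
salt_master_rules 192.0.2.10 198.51.100.0/24
```

On a network firewall between the two sites the same rules belong in the forwarding path rather than the master's INPUT chain.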

Markus Kramer

Jul 16, 2016, 3:21:54 PM
to Salt-users
Thank you, Steve.
Your explanation helps me :-)