[OpenAFS] Which inbound ports need to be open for AFS servers?
Derrick Brashear
shadow@gmail.com
Mon, 6 Apr 2009 21:36:10 -0400
The recent security announcement had zero to do with servers, of course.
Derrick
On Apr 6, 2009, at 9:34 PM, Russ Allbery <rra@stanford.edu> wrote:
> Jason Edgecombe <jason@rampaginggeek.com> writes:
>
>> In light of the recent security announcement, I would like to review the
>> open firewall ports on my AFS servers.
>>
>> For quick reference, here are the ports from the afsd man page:
>>
>> fileserver 7000/udp
>> cachemanager 7001/udp
>> ptserver 7002/udp
>> vlserver 7003/udp
>> kaserver 7004/udp (not needed with Kerberos v5)
>> volserver 7005/udp
>> reserved 7006/udp (for future use)
>> bosserver 7007/udp
>>
>> Which of these ports need to be open inbound for off-site clients to work
>> properly?
>
> 7000 and 7005 on file servers, 7002 and 7003 on VLDB servers. 7007 only
> if you want to allow bos access from off-site.
>
>> Would it hurt anything to block port 7001 inbound on a fileserver or DB
>> server running an AFS client?
>
> No. You only need port 7001 open to AFS file servers that you want to
> talk to.
>
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
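
The port guidance in this thread expressed as firewall rules, as an added example that is not part of the original messages. The role names, the `bos` switch, the use of iptables and the 192.0.2.x peer addresses are assumptions of this example; it only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for one AFS server.
# Role names, the "bos" switch and the peer list are assumptions of this example.

# afs_inbound_ports ROLE [bos] -> space-separated UDP ports to accept from anywhere
afs_inbound_ports() {
    case "$1" in
        fileserver) ports="7000 7005" ;;            # fileserver, volserver
        dbserver)   ports="7002 7003" ;;            # ptserver, vlserver
        both)       ports="7000 7002 7003 7005" ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    # bosserver only when off-site bos access is wanted
    if [ "${2:-}" = "bos" ]; then ports="$ports 7007"; fi
    echo "$ports"
}

# afs_inbound_rules ROLE [bos|nobos] [FILESERVER_ADDR...]
# FILESERVER_ADDR: file servers this host's own AFS client talks to; only
# they may reach the cache manager port 7001.
afs_inbound_rules() {
    role=$1; bos=${2:-}
    ports=$(afs_inbound_ports "$role" "$bos") || return 1
    if [ $# -ge 2 ]; then shift 2; else shift $#; fi
    for p in $ports; do
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    for fs in "$@"; do
        echo "iptables -A INPUT -p udp -s $fs --dport 7001 -j ACCEPT"
    done
    # Any 7000-7007/udp packet not accepted above (7001 from other sources,
    # 7004, 7006, ports of roles this host does not run) is dropped.
    echo "iptables -A INPUT -p udp --dport 7000:7007 -j DROP"
}

# Constructed sample: a file server, no off-site bos, two constructed peers.
afs_inbound_rules fileserver nobos 192.0.2.10 192.0.2.11
```

Because the rules are appended in order, the ACCEPT lines must precede the final DROP; review the printed output before piping it to a shell on a real host.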