[OpenAFS] Which inbound ports need to be open for AFS servers?
Mon, 6 Apr 2009 21:36:10 -0400
The recent security announcement had zero to do with servers, of course.
On Apr 6, 2009, at 9:34 PM, Russ Allbery <email@example.com> wrote:
> Jason Edgecombe <firstname.lastname@example.org> writes:
>> In light of the recent security announcement, I would like to review the
>> open firewall ports on my AFS servers.
>> For quick reference, here are the ports from the afsd man page:
>> fileserver 7000/udp
>> cachemanager 7001/udp
>> ptserver 7002/udp
>> vlserver 7003/udp
>> kaserver 7004/udp (not needed with Kerberos v5)
>> volserver 7005/udp
>> reserved 7006/udp (for future use)
>> bosserver 7007/udp
>> Which of these ports need to be open inbound for off-site clients to work?
> 7000 and 7005 on file servers, 7002 and 7003 on VLDB servers. 7007
> if you want to allow bos access from off-site.
>> Would it hurt anything to block port 7001 inbound on a fileserver or DB
>> server running an AFS client?
> No. You only need port 7001 open to AFS file servers that you want to
> talk to.
> Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
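
The port guidance in this thread, written as a dry-run rule generator per server role. This is an added example, not part of the original messages or of OpenAFS; the role names, the `ALLOW_BOS` and `AFS_FILESERVERS` variables, and the 192.0.2.x documentation addresses are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for an AFS host by role.
# Port numbers come from the thread; role names, ALLOW_BOS and AFS_FILESERVERS
# are assumptions of this sketch.

# afs_inbound_ports ROLE -> UDP ports to accept from off-site clients
afs_inbound_ports() {
    case "$1" in
        fileserver) ports="7000 7005" ;;  # fileserver, volserver
        dbserver)   ports="7002 7003" ;;  # ptserver, vlserver
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    # bosserver (7007) only if off-site bos access is wanted
    if [ "${ALLOW_BOS:-no}" = yes ]; then ports="$ports 7007"; fi
    echo "$ports"
}

# afs_rules ROLE -> iptables commands on stdout
afs_rules() {
    ports=$(afs_inbound_ports "$1") || return 1
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    # If this host also runs an AFS client: 7001 only from the file servers
    # it talks to, never from arbitrary sources.
    for fs in ${AFS_FILESERVERS:-}; do
        echo "iptables -A INPUT -p udp -s $fs --dport 7001 -j ACCEPT"
    done
    # Everything else inbound, including 7004 (kaserver) and 7006, is dropped.
    # Management access (e.g. SSH) must be allowed separately before this line.
    echo "iptables -P INPUT DROP"
}

# Constructed usage: AFS_FILESERVERS="192.0.2.10" sh afs-rules.sh fileserver
if [ $# -gt 0 ]; then afs_rules "$1"; fi
```

Review the printed rules before piping them to a shell; the default-drop policy is emitted last so earlier accepts are in place when it takes effect.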