    Ports used between the FOG Master and the FOG Node and between FOG Node and Hosts

Seb77

Hey everyone, please excuse me for my English.

It's been a while that I've been using FOG at work, but I have run into a problem: I am trying to secure the communication between the FOG Master and the Node, and between the FOG Node and the hosts.

On my firewall (CentOS 7 with firewalld and iptables) I tried to only accept the ports FOG needs, but when I accept the ports found at https://wiki.fogproject.org/wiki/index.php?title=FOGUserGuide#Full_Listing_of_Ports_used_by_FOG_server_and_client
the site of the FOG Master bugs (I can't see any Node other than the one of the FOG Master, can't go on some tabs...).
But I can capture and deploy without a problem.

Can I have some help?

Thanks

P.S.: If there are some French folks who can help me in my native language, it would be awesome.

Sebastian Roth (Moderator)

        @Seb77 said in Ports used between the FOG Master and the FOG Node and between FOG Node and Hosts:

        i try to secure the communication between the FOG Master and the Node and between the FOG Node and hosts

FOG uses the FTP protocol (replication from master to storage node) which is not great security-wise. Actually it's hell. We have discussed this a fair bit but it just takes too much work to quickly switch to a different protocol and so it's still in use. For FTP you need to open high ports (1024 – 65535) as FTP opens data connections on random port numbers which renders firewall security mostly useless.

        The site of the FOG Master bug (i can’t see other Node other than the one of the FOG MASTER, can’t go on some tab…)

        Can you please explain exactly what the issue is here? Maybe post a screenshot which tells more than a thousand words.

        If there is some french folks who can help me in my native language it would be awesome

        Sorry, not me. Never learned it at school.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

Seb77

First of all, thanks for the reply.
Here is a screenshot of the error when I try to access some tabs (it can be any of the tabs, it depends):
[screenshot: Forum.PNG]

I get this error only when I have the firewall active.

If I understand well, there is no way to totally secure the FOG communication because of the FTP protocol?
The problem is that I have to deploy a Node for a client who needs everything 100% secure; can't I use another protocol than FTP?

Seb77

And here is my TEST iptables config:
            iptables -t filter -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
            iptables -t filter -A INPUT -p udp -m udp --dport 3306 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
            iptables -t filter -A INPUT -p udp -m udp --dport 69 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
            iptables -t filter -A INPUT -p udp -m udp --dport 111 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
            iptables -t filter -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
            iptables -t filter -A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
            iptables -t filter -A INPUT -p udp -m udp --dport 1024:65535 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
            iptables -t filter -A OUTPUT -p udp -m udp --sport 3306 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
            iptables -t filter -A OUTPUT -p udp -m udp --sport 69 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 111 -j ACCEPT
            iptables -t filter -A OUTPUT -p udp -m udp --sport 111 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 2049 -j ACCEPT
            iptables -t filter -A OUTPUT -p udp -m udp --sport 2049 -j ACCEPT
            iptables -t filter -A OUTPUT -p tcp -m tcp --sport 1024:65535 -j ACCEPT
            iptables -t filter -A OUTPUT -p udp -m udp --sport 1024:65535 -j ACCEPT
# default deny for anything not matched above (the table flag was given twice in the original)
iptables -t filter -A INPUT -j DROP
iptables -t filter -A OUTPUT -j DROP

george1421 (Moderator)

              FWIW one of the previous developers created a small cheat sheet for setting up firewall rules for FOG: https://forums.fogproject.org/topic/6162/firewall-configuration

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

Sebastian Roth (Moderator)

                @Seb77 Some Linux services like Apache and PHP-FPM communicate through the local loopback device called lo and you need to add a rule to allow that traffic as well. Otherwise you get the error posted in the picture.
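The two problems raised in this thread (the blanket 1024:65535 range that FTP data connections force open, and the missing loopback rule that breaks Apache/PHP-FPM) can both be handled with stateful rules. The script below is an added example and is not code from the thread or from the FOG project. It assumes iptables with the conntrack match and the CT target, and the nf_conntrack_ftp kernel module; the split of the posted port list into TCP and UDP is also this example's assumption. It never applies rules: fog_rules prints a hardened ruleset for review, and audit_rules lints any ruleset fed on stdin for the three weaknesses visible in the posted test config.

```shell
#!/bin/sh
# Added example, not code from the thread or the FOG project. Assumes iptables with
# the conntrack match and the CT target, plus the nf_conntrack_ftp kernel module.
# Nothing here applies rules: fog_rules prints them, audit_rules lints stdin.

# Service ports copied from the test config posted above; which are tcp and which
# are udp is this example's assumption, check against the FOG wiki port list.
FOG_TCP_PORTS="22 21 80 443 111 2049 3306"
FOG_UDP_PORTS="69 111 2049"

# Emit a stateful ruleset: loopback allowed, return traffic tracked by conntrack,
# FTP data connections classified RELATED by the ftp helper instead of opening 1024:65535.
fog_rules() {
  echo "modprobe nf_conntrack_ftp"
  # Since Linux 4.7 helpers are not auto-assigned; bind the ftp helper explicitly to
  # the control connection, inbound (clients/nodes connecting to this host) and
  # outbound (master replicating to a storage node).
  echo "iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp"
  echo "iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp"
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -P OUTPUT DROP"
  # Apache <-> PHP-FPM and MySQL talk over lo; without this the web GUI breaks.
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # Outbound left open for connections this host initiates (replication, updates);
  # tighten to specific destinations if the site requires it.
  echo "iptables -A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT"
  for p in $FOG_TCP_PORTS; do
    echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  for p in $FOG_UDP_PORTS; do
    echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
  done
}

# Read one iptables command per line from stdin, print findings, return their count.
audit_rules() {
  rules=$(cat)
  findings=0
  if ! printf '%s\n' "$rules" | grep -q -- '-i lo .*-j ACCEPT'; then
    echo "FINDING: no loopback ACCEPT; local Apache/PHP-FPM traffic is dropped (web GUI errors)"
    findings=$((findings + 1))
  fi
  if printf '%s\n' "$rules" | grep -q -- 'dport 1024:65535'; then
    echo "FINDING: whole 1024:65535 range open; use conntrack RELATED plus the ftp helper"
    findings=$((findings + 1))
  fi
  if ! printf '%s\n' "$rules" | grep -q -- 'ESTABLISHED'; then
    echo "FINDING: no ESTABLISHED/RELATED rule; every service needs its own --sport rule"
    findings=$((findings + 1))
  fi
  return $findings
}

# Constructed excerpt in the style of the test config posted above (not the full list).
WEAK_RULES='iptables -t filter -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
iptables -t filter -A INPUT -j DROP'

if [ "${1:-}" = "demo" ]; then
  echo "== posted-style config =="; printf '%s\n' "$WEAK_RULES" | audit_rules || true
  echo "== generated config =="; fog_rules | audit_rules && echo "no findings"
fi
```

Run it as `sh fog-fw.sh demo` to see the three findings against the posted-style excerpt and none against the generated set; pipe `fog_rules` output into a file and review it before applying it, since the OUTPUT chain is deliberately left permissive for connections the server itself opens.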
Wayne Workman

                  @Seb77 this might be helpful. https://wiki.fogproject.org/wiki/index.php?title=CentOS_7#Continue_pre-config
                  The services are listed, and some UDP ports. This config does work.

                  Daily Clean Installation Results:
                  https://fogtesting.fogproject.us/
                  FOG Reporting:
                  https://fog-external-reporting-results.fogproject.us/

                  Copyright © 2012-2024 FOG Project