
    What ports does FOG use?

      fogcloud

      I’ve used the info from the FOG wiki security page to make firewall rules on the server. So far this has worked well except for one thing. During the imaging process when it gets to the deployment script, it stops. I checked the server logs and a TCP port around 46500 was being blocked. I added it to the rules and all was fine until the FOG server needed to be restarted. The port number then changed to a different TCP port around 55000. I conducted another test and sure enough the port number changed again after the server was restarted. The logs mentioned something about RPC.

      My best guess based on my online searches and the FOG wiki article is that this has to do with NFS and dynamic ports. The article doesn’t elaborate more on what range of ports are required or the possibility to configure NFS to use static ports.

      Does anyone have any insight or knowledge about this? Is it NFS? If so, what options do I have?

        Tom Elliott @fogcloud

        @fogcloud Specific to your changing tcp 46500, 55000, etc… etc… I think this was due to NFS and RPC-Bind

        I have pushed code for dev-branch and working-1.6 (just this morning) that should maintain NFS static port to 20048 which can be both TCP and UDP. At least this way, it’s static.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          AUTH IT Center @fogcloud

          @fogcloud we have an ansible playbook to handle FOG firewall rules (firewalld) and the ports used are:

              allow_icmp:
                - echo-request
                - echo-reply
              services:
                - ftp
                - http
                - mountd
                - nfs
                - rpc-bind
                - tftp
              ports:
                - { port: 20048, proto: tcp }  # nfs
                - { port: 20048, proto: udp }  # nfs
                - { port: "35350-36350", proto: udp }  # tftp
                - { port: "49512-65532", proto: udp }  # multicast
          

          the port 20048 is added on nfs.conf
          the range 35350-36350 is added on tftp options
          and the 49512-65532 is for all the dynamic ports

            Tom Elliott @AUTH IT Center

            @AUTH-IT-Center @fogcloud I will work toward firewall-cmd (as that’s the system I’m using - Fedora 40) but the services I have enabled on mine:
            (Standard server - I’m working with 1.6 so bear with that as well)

            services: ftp, http, https, mountd, nfs, rpc-bind, ssh, tftp # this will often include ports
            ports:
            {port: 111, protos: udp, tcp} # Portmapper - NFS uses this
            {port: 49512-65532, protos: udp} # multicast
            

            if we want ports related to each service:

            20, 21 TCP - FTP
            22 TCP - SSH
            69 UDP - TFTP
            80 TCP - HTTP
            111 TCP, UDP - PORTMAPPER, RPC-BIND
            443 TCP - HTTPS
            20048 TCP, UDP - MOUNTD
            49512-65532 UDP - MULTICAST (if you really want to get down to it, these should only be even numbered ports as well - to lessen number of open ports)
            

            If you have a dhcp server, I think you’d need:

            67-68 UDP
            

            Now to be fair I don’t know if there’s anything else necessary but I think this would cover everything you would need. TFTP is only needed for the initial getting of the files during PXE boot so I believe that will always be port 69, no need for the UDP ports (though happy to be corrected if needed.)

                fogcloud @Tom Elliott

                @Tom-Elliott @AUTH-IT-Center
                Thank you both very much for the fast and detailed responses! NFS mountd was indeed the culprit. Port 20048 was allowed, but I wasn’t aware that this needed to be configured in the nfs.conf file. Confirmed that imaging is working now.
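
Added example, not part of the thread and not FOG's own code: a check for the failure described above, where an RPC service such as mountd registers on a port the firewall does not allow. The function name, the allowlist variable and the sample `rpcinfo -p` listings are constructed for illustration; the allowlist uses the ports named in the thread plus 2049, the standard NFS port covered by the firewalld `nfs` service.

```shell
#!/usr/bin/env bash
# Ports the firewall allows for RPC-registered services (assumption for this
# example): 111 rpc-bind, 2049 nfs, 20048 mountd (pinned in nfs.conf under
# the [mountd] section with port=20048).
ALLOWED_PORTS="111 2049 20048"

# Reads `rpcinfo -p` output on stdin and prints "service/proto/port" for each
# registration whose port is not in the space-separated allowlist given as $1.
unpinned_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows start with the numeric RPC program id; the header does not.
        $1 ~ /^[0-9]+$/ && !($4 in ok) {
            key = $5 "/" $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample: mountd on a dynamic port, as in the original report.
sample_before() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    4   tcp   2049  nfs
    100005    3   udp  46500  mountd
    100005    3   tcp  46500  mountd
EOF
}

# Constructed sample: mountd after the port is pinned to 20048.
sample_after() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    4   tcp   2049  nfs
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
EOF
}

echo "before pinning:"; sample_before | unpinned_rpc_ports "$ALLOWED_PORTS"
echo "after pinning:";  sample_after  | unpinned_rpc_ports "$ALLOWED_PORTS"
```

On a live server, run `rpcinfo -p | unpinned_rpc_ports "$ALLOWED_PORTS"` after each restart; any output is a registration the firewall rules will block.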

                Copyright © 2012-2024 FOG Project