Forum OpenACS Q&A: Minimum firewall ports?

Posted by Jesse Wendel on 02/11/04 03:43 AM

Hi Everyone,

My name is Jesse Wendel. I'm a senior messaging analyst at a Fortune 500 company, but fairly new to OACS.

I'm setting up my first ever test OACS server, which will be inside our DMZ, with a fairly agressive firewall administrator.

Is there a list somewhere/what are the standard minimum protocol/ports I need open both to operate, and to manage the box remotely? Here is what I've come up with so far:

ssh-22
smtp-25
http-80
https-443

What else do you recommend? http at, say, higher ports, so I can run a dev and staging instance as well? If so, are there standard ports within the community for dev and staging?

Thanks much,

Jesse

2: Re: Minimum firewall ports? (response to 1)

Posted by Bart Teeuwisse on 02/11/04 03:51 AM

Welcome Jesse,

higher HTTP ports are not required if you use IP aliases (http://cr.yp.to/djbdns/ifconfig.html) combined with a HTTP proxy such as Pound (http://www.apsis.ch/pound/).

You are effectively running virtual servers behind a name based proxy. See http://www.thecodemill.biz/publications/blog/one-entry?entry%5fid=9968 and http://www.thecodemill.biz/publications/blog/one-entry?entry%5fid=9977 for more information on Pound and OpenACS.

/Bart

3: Re: Minimum firewall ports? (response to 1)

Posted by James Harris on 02/11/04 04:23 AM

The two most commonly used ports for development / staging are 8000 (HTTP) and 8443 (HTTPS).

4: Re: Minimum firewall ports? (response to 3)

Posted by Joel Aufrecht on 02/11/04 09:27 AM

Also documented here: http://openacs.org/doc/openacs-5-0-0/install-redhat.html
as step 11c.

5: Re: Minimum firewall ports? (response to 1)

Posted by Jesse Wendel on 02/12/04 08:44 AM

Thanks everyone.

Jesse