35 lines
1.9 KiB
XML
35 lines
1.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<appendix xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="firewalls-default-ports">
|
|
<title>Firewalls and default ports</title>
|
|
<para>On some deployments, such as ones where restrictive
|
|
firewalls are in place, you might need to manually configure a
|
|
firewall to permit OpenStack service traffic.</para>
|
|
<para>To manually configure a firewall, you must permit traffic
|
|
through the ports that each OpenStack service uses. This table
|
|
lists the default ports that each OpenStack service
|
|
uses:</para>
|
|
<xi:include href="table_default-ports-primary-services.xml"/>
|
|
<para>To function properly, some OpenStack components depend on
|
|
other, non-OpenStack services. For example, the OpenStack
|
|
dashboard uses HTTP for non-secure communication. In this
|
|
case, you must configure the firewall to allow traffic to and
|
|
from HTTP.</para>
|
|
<para>This table lists the ports that other OpenStack components
|
|
use:</para>
|
|
<xi:include href="table_default-ports-peripheral-services.xml"/>
|
|
<para>On some deployments, the default port used by a service
|
|
may fall within the defined local port range of a host. To
|
|
check a host's local port range:</para>
|
|
<screen><prompt>$</prompt> <userinput>sysctl -a | grep ip_local_port_range</userinput></screen>
|
|
<para>If a service's default port falls within this range, run
|
|
the following program to check if the port has already been
|
|
assigned to another application:</para>
|
|
<screen><prompt>$</prompt> <userinput>lsof -i :<replaceable>PORT</replaceable></userinput></screen>
|
|
<para>Configure the service to use a different port if the
|
|
default port is already being used by another application.</para>
|
|
</appendix>
|