[Engine-devel] Proposed change in default port numbers
Shireesh Anjal
sanjal at redhat.com
Wed Jul 18 09:39:45 UTC 2012
On Tuesday 17 July 2012 11:57 PM, Juan Hernandez wrote:
> On 07/17/2012 08:19 PM, Steve Gordon wrote:
>> ----- Original Message -----
>>> From: "Juan Hernandez" <jhernand at redhat.com>
>>> To: "Andrew Cathrow" <acathrow at redhat.com>
>>> Cc: engine-devel at ovirt.org
>>> Sent: Monday, July 16, 2012 3:27:02 PM
>>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>>
>>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>>>
>>>> ----- Original Message -----
>>>>> From: "Juan Hernandez" <jhernand at redhat.com>
>>>>> To: engine-devel at ovirt.org
>>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>>
>>>>> Hello all,
>>>>>
>>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change
>>>>> the
>>>>> default port numbers used by the engine, in order to avoid
>>>>> conflicts
>>>>> with the default ports used by JBoss.
>>>> To be clear though even if we moved to use port 6090 for http and
>>>> 6091 for https we'd still have 80/443 available through the
>>>> installer.
>>> Correct, 80 and 443 will continue to be the default ports when using
>>> Apache as proxy in front of JBoss:
>>>
>>> 80 -> 80 (no change)
>>> 443 -> 443 (no change)
>>> 8080 -> 6090
>>> 8443 -> 6091
>> This is probably a stupid question, but what are the following ports used for:
>>
>>> 8009 -> 6092
> This port is used for the communication between the Apache web server
> and the JBoss application server using the AJP protocol. It doesn't need
> to be available outside of the machine.
The "Firewall Configuration" chapter of oVirt installation guide
(http://wiki.ovirt.org/wiki/File:OVirt-3.0-Installation_Guide-en-US.pdf)
says that ports 8006 through 8009 are required for network communication
from "Administration Portal Clients" to "oVirt Engine".
>
>>> 4447 -> 6093
> These port is used by the remoting capability of the application server:
> calling EJBs from external applications. We don't use it but it is
> required anyhow. It doesn't need to be available outside of the machine.
>
>>> 4712 -> 6094
>>> 4713 -> 6095
> These two ports are used by the transaction manager inside JBoss. They
> don't need to be available outside of the machine.
>
> So none of them needs a firewall rule to allow inbound traffic. I am
> proposing a different change to bind those ports to the loopback address
> so that they are not available even when the firewall is disabled:
>
> http://gerrit.ovirt.org/6349
>
> I would disable them completely, but didn't find the way to do it yet.
>
>> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?
> They don't require a firewall rule to allow incoming traffic. We could
> explain in the documentation that they are required, but only for
> communications internal to the machine.
>
More information about the Engine-devel
mailing list