Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall Doc page and perfsonar-toolkit-security bundle not sync'd #199

Open
preese opened this issue Sep 14, 2019 · 0 comments
Open

Firewall Doc page and perfsonar-toolkit-security bundle not sync'd #199

preese opened this issue Sep 14, 2019 · 0 comments
Assignees
Labels
correction Errors, typos, fixes to be corrected docs.perfsonar.net

Comments

@preese
Copy link

preese commented Sep 14, 2019

PS firewall port comment--
A recent problem with my deployment prompted a deeper look at the whole firewall setup for PS Agents. Below are the issues I found.

The stock rules from perfsonar-toolkit-security look like this:
services: ssh dhcpv6-client ntp traceroute bwctl owamp-control twamp-control http https
ports: 8760-9960/udp 8760-9960/tcp 18760-19960/udp 18760-19960/tcp 5201/tcp 5201/udp 5001/tcp 5001/udp 5000/tcp 5101/tcp 5000/udp 5101/udp 5890-5900/tcp

The first thing I wanted to confirm were the ports involved in the listed 'services' line. traceroute, bwctl, owamp-control & twamp-control don't match the ports detailed in the docs,

The /etc/services file suggest traceroute only uses port 33434/tcp when it really should cover 33434 - 33634/udp
The bwctl port listing is no longer included in the file at all.
The /etc/services files has owamp-control and twamp-control using ports 861/tcp&udp and 862/tcp&udp respectively (RFC's note that only the TCP port is used but the UDP is also reserved), the docs page suggest only the tcp ports. (not really an issue, just a comment)

Lastly, the docs say nuttcp uses ports 5000, 5101, yet the web page at nuttcp.net has it using port 5000/tcp to listen for commands and ports 5001/tcp and up for transfer streams. Maybe 5001-5004. This would conflict with the Iperf2 test port. Does the perfSONAR code take this into account and intentionally use port 5101 instead of the suggested 5001?

@szymontrocha szymontrocha self-assigned this Oct 10, 2019
@github-project-automation github-project-automation bot moved this to Ready in perfSONAR May 9, 2023
@szymontrocha szymontrocha added the correction Errors, typos, fixes to be corrected label Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
correction Errors, typos, fixes to be corrected docs.perfsonar.net
Projects
Status: Ready
Development

No branches or pull requests

2 participants