Firewall Setup

From Rivendell Wiki

Jump to: navigation, search

--Note: This is still a work in progress, it is not complete!--

Contents

Getting Started

First you need to decide if you want to turn on the local firewall or leave things open. That is something you need to decide. Also you need to decide on whether to firewall outgoing connections or only incoming.

Disadvantages To Enabling the Firewall

  • It makes things more complicated

Advantages To Enabling the Firewall

  • It is Good Security Practice
  • It allows you to know what is exposed
  • It can protect from untrustworthy LAN guests/users

Standalone Rivendell Box

Here you probably are looking at this list to decide on what to open up:

Incoming

  • TCP port 22 - ssh connections (optional: for remote administration)
  • TCP port 3306 - remote MySQL connections (optional: for use of Windows Rivendell Programs. See also: Remote Client Access)
  • TCP port 5901 - VNC connections (optional: for remote connections and administration)
  • UDP port 5859 - RML commands (optional: if you send commands from another Rivendell workstation or Windows)

Outgoing

  • UDP port 123 - ntp client (optional: for time synchronization)

Networked Rivendell Machines

In this setup you would have the MySQL database on one machine and the Audio Library on one machine (probably, though not necessarily, the same one) with the other Rivendell machines connecting in. Here you probably are looking at this list to decide on what to open up:

Incoming

  • TCP port 22 - ssh connections (optional: for remote administration)
  • TCP port 3306 - remote MySQL connections (required: for remote database connections. See also: Remote Client Access)
  • TCP port 5901 - VNC connections (optional: for remote connections and administration)
  • UDP port 5859 - RML commands (optional: if you send commands from another Rivendell workstation or Windows)

Outgoing

  • UDP port 123 - ntp client (optional: for time synchronization)

Networked Rivendell Machines With Hot Standby Setup

Here you probably are looking at this list to decide on what to open up:

Incoming

  • TCP port 22 - ssh connections (optional: for remote administration)
  • TCP port 3306 - remote MySQL connections (required: for remote database connections. See also: Remote Client Access)
  • TCP port 5901 - VNC connections (optional: for remote connections and administration)
  • UDP port 5859 - RML commands (optional: if you send commands from another Rivendell workstation or Windows)

Outgoing

  • UDP port 123 - ntp client (optional: for time synchronization)
Personal tools