Red Hat SummitFirewall Rules for Red Hat OpenStack Platform
List of required ports and protocols.
Abstract
1. Firewall Rules for Red Hat OpenStack Platform
This article describes the firewall configuration created by the director on Red Hat OpenStack Platform 10. These ports are required for services running on the overcloud.
1.1. Nova API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| nova | TCP | 6080 | Nova novnc Proxy |
| nova | TCP | 13080 | Nova novnc Proxy (SSL) |
| nova | TCP | 8773 | Nova EC2 API |
| nova | TCP | 3773 | Nova EC2 API (SSL) |
| nova | TCP | 8774 | Nova API |
| nova | TCP | 13774 | Nova API (SSL) |
| nova | TCP | 8775 | Nova Metadata |
1.2. HAProxy
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| haproxy_stats | TCP | 1993 |
1.3. Glance Registry API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| glance | TCP | 9191 | Glance Registry API |
1.4. Ceilometer API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceilometer | TCP | 8777 | Ceilometer API |
| ceilometer | TCP | 13777 | Ceilometer API (SSL) |
1.5. Keystone
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| keystone | TCP | 5000 | Keystone Public API |
| keystone | TCP | 13000 | Keystone Public API (SSL) |
| keystone | TCP | 35357 | Keystone Admin API |
| keystone | TCP | 13357 | Keystone Admin API (SSL) |
1.6. Ironic Conductor
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| TFTP | UDP | 69 | |
| HTTP | TCP | 8088 |
1.7. Nova Libvirt
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| nova_libvirt | TCP | 16514 |
1.8. RabbitMQ
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| rabbitmq | TCP | 4369 | Rabbitmq |
| rabbitmq | TCP | 5672 | Rabbitmq |
| rabbitmq | TCP | 25672 | Rabbitmq |
1.9. Glance API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| glance | TCP | 9292 | Glance API |
| glance | TCP | 13292 | Glance API (SSL) |
1.10. keepalived
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| VRRP | VRRP | VRRP |
1.11. Redis
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| redis | TCP | 6379 | Internal service coordination |
| redis | TCP | 26379 |
1.12. MySQL Galera
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| mysql_galera | TCP | 873 | MySQL |
| mysql_galera | TCP | 3306 | |
| mysql_galera | TCP | 4444 | |
| mysql_galera | TCP | 4567 | |
| mysql_galera | TCP | 4568 | |
| mysql_galera | TCP | 9200 | Galera-monitor |
1.13. MongoDB
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| mongodb_config | TCP | 27019 | mongodb_config |
| mongodb_sharding | TCP | 27018 | mongodb_sharding |
| mongodb | TCP | 27017 | MongoDB |
1.14. NTP
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ntp | UDP | 123 | NTP |
1.15. Swift Storage
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| swift | TCP | 873 | Rsync |
| swift | TCP | 6000 | Object Server |
| swift | TCP | 6001 | Container Server |
| swift | TCP | 6002 | Account Server |
1.16. Ceph OSD
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph | TCP | 6800-7300 |
1.17. Neutron L3
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| VRRP | VRRP | VRRP |
1.18. Heat CloudFormation API service
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8000 | Heat AWS CloudFormation-compatible API |
| heat | TCP | 13800 | Heat AWS CloudFormation-compatible API (SSL) |
1.19. Gnocchi API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| gnocchi | TCP | 8041 | Gnocchi API |
| gnocchi | TCP | 13041 | Gnocchi API (SSL) |
1.20. Gnocchi Statsd
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| gnocchi_statsd | UDP | 8125 | Network daemon for statistics |
1.21. Neutron DHCP
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron_DHCP | UDP | 67 | Provisioning the Overcloud |
| neutron_DHCP | UDP | 68 |
1.22. Ceilometer SNMP
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| SNMP | UDP | 161 | Ceilometer |
1.23. Heat API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8004 | Heat API Endpoint |
| heat | TCP | 13004 | Heat API Endpoint (SSL) |
1.24. Neutron OVS Agent
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron_vxlan | UDP | 4789 | VXLAN |
| neutron_vxlan | GRE | GRE |
1.25. Swift Proxy
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| swift | TCP | 8080 | Swift Proxy |
| swift | TCP | 13808 | Swift Proxy (SSL) |
1.26. Heat AWS CloudWatch-compatible API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| heat | TCP | 8003 | Heat AWS CloudWatch-compatible API |
| heat | TCP | 13003 | Heat AWS CloudWatch-compatible API (SSL) |
1.27. Memcached service
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| memcached | TCP | 11211 |
1.28. Ceph Monitor service
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph | TCP | 6789 |
1.29. Ceph RadosGW service
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ceph_rgw | TCP | 8080 | Ceph RGW |
| ceph_rgw | TCP | 13080 | Ceph RGW (SSL) |
1.30. Cinder API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| cinder | TCP | 8776 | Cinder API |
| cinder | TCP | 13776 | Cinder API (SSL) |
1.31. Cinder Volume iSCSI Initiator
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| iSCSI | TCP | 3260 |
1.32. Ironic API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| ironic | TCP | 6385 | Ironic API |
| ironic | TCP | 13385 | Ironic API (SSL) |
1.33. pacemaker
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| pacemaker | TCP | 2224 | |
| pacemaker | TCP | 3121 | |
| pacemaker | TCP | 21064 | |
| pacemaker | UDP | 5405 |
1.34. Sahara API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| sahara | TCP | 8386 | Sahara API |
| sahara | TCP | 13386 | Sahara API (SSL) |
1.35. Neutron API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| neutron | TCP | 9696 | Neutron API |
| neutron | TCP | 13696 | Neutron API (SSL) |
1.36. Horizon
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| horizon | TCP | 80 | Dashboard |
| horizon | TCP | 443 | Dashboard (SSL) |
1.37. AODH API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| aodh_api | TCP | 8042 | |
| aodh_api | TCP | 13042 |
1.38. Manila API
| Service | Protocol | Ports | Notes |
|---|---|---|---|
| manila | TCP | 8786 | Manila API |
| manila | TCP | 13786 | Manila API |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}