Configure firewall rules for Red Hat OpenStack Platform director
Configure firewalls between the Controller and Compute nodes
1. Configure Firewall Rules for Red Hat OpenStack Platform Director
This article describes the network ports required for controllers on Red Hat OpenStack Platform 8.
Service | Protocol | Ports | Notes |
---|---|---|---|
mongodb_config | TCP | 27019 | mongodb_config |
mongodb_sharding | TCP | 27018 | mongodb_sharding |
mongodb | TCP | 27017 | MongoDB |
mysql_galera | TCP | 873 | MySQL |
mysql_galera | TCP | 3306 | |
mysql_galera | TCP | 4444 | |
mysql_galera | TCP | 4567 | |
mysql_galera | TCP | 4568 | |
mysql_galera | TCP | 9200 | Galera-monitor |
ntp | UDP | 123 | NTP |
VRRP | VRRP | VRRP | |
haproxy_stats | TCP | 1993 | |
redis | TCP | 6379 | internal service coordination |
redis | TCP | 26379 | |
rabbitmq | TCP | 5672 | RabbitMQ |
rabbitmq | TCP | 35672 | RabbitMQ |
ceph | TCP | 6789 | |
ceph | TCP | 6800-6810 | |
keystone | TCP | 5000 | Keystone Public API |
keystone | TCP | 13000 | Keystone Public API (SSL) |
keystone | TCP | 35357 | Keystone Admin API |
keystone | TCP | 13357 | Keystone Admin API (SSL) |
glance | TCP | 9292 | Glance API |
glance | TCP | 9191 | Glance Registry API |
glance | TCP | 13292 | Glance API (SSL) |
nova | TCP | 6080 | Nova novnc Proxy |
nova | TCP | 13080 | Nova novnc Proxy (SSL) |
nova | TCP | 8773 | Nova EC2 API |
nova | TCP | 3773 | Nova EC2 API (SSL) |
nova | TCP | 8774 | Nova API |
nova | TCP | 13774 | Nova API (SSL) |
nova | TCP | 8775 | Nova Metadata |
neutron | TCP | 9696 | Neutron API |
neutron | TCP | 13696 | Neutron API (SSL) |
neutron_DHCP | TCP | 67 | Provisioning the Overcloud |
neutron_DHCP | UDP | 68 | |
neutron_vxlan | UDP | 4789 | VXLAN |
cinder | TCP | 8776 | Cinder API |
cinder | TCP | 13776 | Cinder API (SSL) |
iSCSI | TCP | 3260 | |
memcached | TCP | 11211 | |
Swift | TCP | 8080 | Swift Proxy |
Swift | TCP | 13808 | Swift Proxy (SSL) |
Swift | TCP | 873 | Rsync |
Swift | TCP | 6000 | Object Server |
Swift | TCP | 6001 | Container Server |
Swift | TCP | 6002 | Account Server |
ceilometer | TCP | 8777 | Ceilometer API |
ceilometer | TCP | 13777 | Ceilometer API (SSL) |
heat | TCP | 8000 | Heat AWS CloudFormation-compatible API |
heat | TCP | 13800 | Heat AWS CloudFormation-compatible API (SSL) |
heat | TCP | 8003 | Heat AWS CloudWatch-compatible API |
heat | TCP | 13003 | Heat AWS CloudWatch-compatible API (SSL) |
heat | TCP | 8004 | Heat API Endpoint |
heat | TCP | 13004 | Heat API Endpoint (SSL) |
horizon | TCP | 80 | Dashboard |
horizon | TCP | 443 | Dashboard |
SNMP | UDP | 161 | Ceilometer |
The following ports may also be required, depending on your deployment:
Service | Protocol | Ports | Notes |
---|---|---|---|
Ironic API | TCP | 6385 | |
Ironic API (SSL) | TCP | 13385 | |
Manila API Port | TCP | 8786 | |
Manila API Port (SSL) | TCP | 13786 | |
Mistral API | TCP | 8989 | |
Mistral API (SSL) | TCP | 13989 | |
Sahara API | TCP | 8386 | |
Sahara API (SSL) | TCP | 13386 | |
Trove API | TCP | 8779 | |
Trove API (SSL) | TCP | 13779 | |
Zaqar API | TCP | 8888 | |
Zaqar API (SSL) | TCP | 13888 | |
Ceph RGW | TCP | 8080 | |
Ceph RGW (SSL) | TCP | 13808 | |
Zaqar Web Service | TCP | 9000 | |
Barbican API | TCP | 9311 | |
Barbican API (SSL) | TCP | 13311 | |
Docker Registry | TCP | 8787 | |
Docker Registry (SSL) | TCP | 13787 | |
Gnocchi API | TCP | 8041 | |
Gnocchi API (SSL) | TCP | 13041 | |
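
One way to turn rows from the tables above into source-restricted `iptables` rules, so each port is reachable only from the network the Controller and Compute nodes share. This is an added example, not part of the original article or of Red Hat's tooling; the `INTERNAL_NET` value, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Constructed sample: rows in the same pipe-delimited layout as the tables above
# (one row is repeated on purpose to show de-duplication).
SAMPLE_ROWS = """\
Service | Protocol | Ports | Notes |
---|---|---|---|
mysql_galera | TCP | 3306 | |
mysql_galera | TCP | 3306 | |
mysql_galera | TCP | 4567 | |
ntp | UDP | 123 | NTP |
VRRP | VRRP | VRRP | |
ceph | TCP | 6800-6810 | |
keystone | TCP | 13000 | Keystone Public API (SSL) |
"""
INTERNAL_NET = "192.0.2.0/24"  # assumption: placeholder for the internal network

def parse_rows(text):
    """Yield (service, protocol, ports) per data row; skip header and separator."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3 or not cells[0] or set(cells[0]) <= {"-"} or cells[0] == "Service":
            continue
        yield cells[0], cells[1].lower(), cells[2]

def rule_for(service, proto, ports, source=INTERNAL_NET):
    """Build one ACCEPT rule limited to `source`; raise on anything malformed."""
    if not re.fullmatch(r"[\w .()-]+", service):  # keep shell metacharacters out
        raise ValueError(f"unsafe service name {service!r}")
    base = f"iptables -A INPUT -s {source}"
    tag = f'-m comment --comment "{service}" -j ACCEPT'
    if proto == "vrrp":  # VRRP is IP protocol 112 and has no ports
        return f"{base} -p 112 {tag}"
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", ports)
    if proto not in ("tcp", "udp") or not m:
        raise ValueError(f"cannot build a rule for {service}: {proto} {ports}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"port out of range for {service}: {ports}")
    dport = str(lo) if lo == hi else f"{lo}:{hi}"  # iptables range syntax
    return f"{base} -p {proto} --dport {dport} {tag}"

def build_rules(text, source=INTERNAL_NET):
    """Return de-duplicated rules in table order."""
    rows = list(dict.fromkeys(parse_rows(text)))
    return [rule_for(*row, source=source) for row in rows]

if __name__ == "__main__":
    print("\n".join(build_rules(SAMPLE_ROWS)))
```

Review the generated rules before loading them, and keep a final default-deny rule after them so that ports missing from the list stay closed.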