Univention Corporate Server (UCS) » Installation

ID #1289

Which TCP / UDP ports on the DC master must be accessable by other UCS systems?

Produktlogo UCS UCS 4

Systems in a UCS domain must be able to establish TCP/UDP connections to the DC master for several services.
If a firewall or other port-blocking devices are used in a site-configuration, this functionallity may be disturbed and ports must be opened directly.

 

The following ports are essential:
Port Protocol Service
22 TCP SSH
37 TCP/UDP Timeserver
53
TCP/UDP Nameserver
88
TCP/UDP Kerberos
123
TCP/UDP NTP
443
TCP HTTPS
464
TCP/UDP Kerberos
749
TCP/UDP Kerberos
6669
TCP Univention Directory Notifier
6670
TCP Univention Management Console
7389
TCP/UDP LDAP
7636
TCP/UDP LDAPS

 

The following ports are used if Samba 4 is in use:
Port Protocol Service
389
TCP/UDP Samba4 LDAP
636
TCP/UDP Samba4 LDAPS
873
TCP Rsync
>=1024
TCP/UDP Samba 4/Dynamic RPC Ports ->
TechNet: Protecting Windows RPC Traffic
3268
TCP/UDP Samba 4/Global Catalog over LDAP
3269
TCP/UDP Samba 4/Global Catalog over LDAPS

 

The following ports could be used by specific services, like UVMM:
Port Protocol Service
80
TCP HTTP-access to repository
5900-5999
TCP/UDP UVMM/vnc
16514
TCP UVMM/libvirtd
49152-49215
TCP/UDP UVMM/migration

 

The post-install routines of UCS packages are creating exceptions for the Univention-Firewall themselve, of course - appropriate exceptions are only needed if external firewall solutions are used.

Additional Information

Tags: UCS 3, UCS 4

Related entries:

Last update: 2015-03-23 10:57
Author: Tim Petersen
Revision: 1.13

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 5 (1 Vote)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry