So I made the changes to the SecurityGroup in AWS and my local FreeIPA servers can't talk up. I suspect this is something on the AWS side. :-(
On Tuesday, March 20, 2018 9:17 AM, Andrew Meyer via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Thank you sir! I will add the additional ports and let you know if I run into any other issues!

On Tuesday, March 20, 2018 9:03 AM, Alexander Bokovoy via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

On Tue, 20 Mar 2018, Andrew Meyer via FreeIPA-users wrote:
>I have FreeIPA set up on CentOS 7 in AWS. However we are looking to
>lock down communication over our VPN tunnel. Trying to do some
>research to see what ports I need. I've gotten most of them,
>80,443,88,464,389,636,123. I have it set up to allow UDP/TCP for both
>sides. However in the Amazon security groups I have found that if I
>remove 0.0.0.0/0 from the inbound I lose communication to the remote
>FreeIPA servers. However the server in AWS can talk back. This email
>thread might not be relevant here but I wanted to see what kind of
>response I'd get.
>Are there ports similar to what needs to be opened for AD?
>I found this on Amazon's website: How to Connect Your On-Premises Active
>Directory to AWS Using AD Connector | Amazon Web Services

All ports are described in RHEL guides for IdM, though they are split around two big guides. Last year I tried to gather all details about our firewall requirements in a single place to provide input to RHEL documentation writers. Though they haven't yet published their updates to the official documentation, you can peruse my draft: https://vda.li/drafts/firewall-considerations.txt

It is dense but it is the best source about IPA communication flows I know.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org