Configure firewall rules for Red Hat OpenStack Platform director

Red Hat OpenStack Platform 8

Configure firewalls between the Controller and Compute nodes

OpenStack Documentation Team

Abstract

This article describes the firewall rules required for Red Hat OpenStack Platform director.

1. Configure Firewall Rules for Red Hat OpenStack Platform Director

This article describes the network ports required for controllers on Red Hat OpenStack Platform 8.

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| mongodb_config | TCP | 27019 | mongodb_config |
| mongodb_sharding | TCP | 27018 | mongodb_sharding |
| mongodb | TCP | 27017 | MongoDB |
| mysql_galera | TCP | 873 | MySQL |
| mysql_galera | TCP | 3306 | |
| mysql_galera | TCP | 3306 | |
| mysql_galera | TCP | 4444 | |
| mysql_galera | TCP | 4567 | |
| mysql_galera | TCP | 4568 | |
| mysql_galera | TCP | 9200 | Galera-monitor |
| ntp | UDP | 123 | NTP |
| VRRP | VRRP | | VRRP |
| haproxy_stats | TCP | 1993 | |
| redis | TCP | 6379 | internal service coordination |
| redis | TCP | 26379 | |
| rabbitmq | TCP | 5672 | Rabbitmq |
| rabbitmq | TCP | 35672 | Rabbitmq |
| ceph | TCP | 6789 | |
| ceph | TCP | 6800-6810 | |
| keystone | TCP | 5000 | Keystone Public API |
| keystone | TCP | 13000 | Keystone Public API (SSL) |
| keystone | TCP | 35357 | Keystone Admin API |
| keystone | TCP | 13357 | Keystone Admin API (SSL) |
| glance | TCP | 9292 | Glance API |
| glance | TCP | 9191 | Glance Registry API |
| glance | TCP | 13292 | Glance API (SSL) |
| nova | TCP | 6080 | Nova novnc Proxy |
| nova | TCP | 13080 | Nova novnc Proxy (SSL) |
| nova | TCP | 8773 | Nova EC2 API |
| nova | TCP | 3773 | Nova EC2 API (SSL) |
| nova | TCP | 8774 | Nova API |
| nova | TCP | 13774 | Nova API (SSL) |
| nova | TCP | 8775 | Nova Metadata |
| neutron | TCP | 9696 | Neutron API |
| neutron | TCP | 13696 | Neutron API (SSL) |
| neutron_DHCP | TCP | 67 | Provisioning the Overcloud |
| neutron_DHCP | UDP | 68 | |
| neutron_vxlan | UDP | 4789 | VXLAN |
| cinder | TCP | 8776 | Cinder API |
| cinder | TCP | 13776 | Cinder API (SSL) |
| iSCSI | TCP | 3260 | |
| memcached | TCP | 11211 | |
| Swift | TCP | 8080 | Swift Proxy |
| Swift | TCP | 13808 | Swift Proxy (SSL) |
| Swift | TCP | 873 | Rsync |
| Swift | TCP | 6000 | Object Server |
| Swift | TCP | 6001 | Container Server |
| Swift | TCP | 6002 | Account Server |
| ceilometer | TCP | 8777 | Ceilometer API |
| ceilometer | TCP | 13777 | Ceilometer API (SSL) |
| heat | TCP | 8000 | Heat AWS CloudFormation-compatible API |
| heat | TCP | 13800 | Heat AWS CloudFormation-compatible API (SSL) |
| heat | TCP | 8003 | Heat AWS CloudWatch-compatible API |
| heat | TCP | 13003 | Heat AWS CloudWatch-compatible API (SSL) |
| heat | TCP | 8004 | Heat API Endpoint |
| heat | TCP | 13004 | Heat API Endpoint (SSL) |
| horizon | TCP | 80 | Dashboard |
| horizon | TCP | 443 | Dashboard |
| SNMP | UDP | 161 | Ceilometer |

The following ports may also be required, depending on your deployment:

| Service | Protocol | Ports | Notes |
|---|---|---|---|
| Ironic API | TCP | 6385 | |
| Ironic API (SSL) | TCP | 13385 | |
| Manila API Port | TCP | 8786 | |
| Manila API Port (SSL) | TCP | 13786 | |
| Mistral API | TCP | 8989 | |
| Mistral API (SSL) | TCP | 13989 | |
| Sahara API | TCP | 8386 | |
| Sahara API (SSL) | TCP | 13386 | |
| Trove API | TCP | 8779 | |
| Trove API (SSL) | TCP | 13779 | |
| Zaqar API | TCP | 8888 | |
| Zaqar API (SSL) | TCP | 13888 | |
| Ceph RGW | TCP | 8080 | |
| Ceph RGW (SSL) | TCP | 13808 | |
| Zaqar Web Service | TCP | 9000 | |
| Barbican API | TCP | 9311 | |
| Barbican API (SSL) | TCP | 13311 | |
| Docker Registry | TCP | 8787 | |
| Docker Registry (SSL) | TCP | 13787 | |
| Gnocchi API | TCP | 8041 | |
| Gnocchi API (SSL) | TCP | 13041 | |
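
As an added example (not part of the Red Hat documentation), the shell function below turns rows from the port tables into `iptables` commands limited to one source subnet. It covers the two rows that are not a plain protocol/port pair: the `6800-6810` Ceph range and VRRP, which has no port. The function name `emit_rules`, the `192.0.2.0/24` subnet, the `INPUT` chain, and the "service proto ports" input layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print iptables commands for rows of the port table.
# Nothing is applied; the output is meant to be reviewed first.

# Constructed sample: rows copied from the table as "service proto ports".
SAMPLE_ROWS='mysql_galera tcp 3306
ceph tcp 6800-6810
ntp udp 123
VRRP vrrp -
neutron_vxlan udp 4789'

# emit_rules SRC_CIDR  (rows on stdin; returns 1 if any row was rejected)
# SRC_CIDR is an assumption: the subnet the peer nodes connect from.
emit_rules() {
    local src="$1" svc proto ports lo hi p rc=0
    while read -r svc proto ports; do
        [ -n "$svc" ] || continue
        proto=$(printf '%s' "$proto" | tr '[:upper:]' '[:lower:]')
        case $proto in
            vrrp)   # IP protocol 112 has no ports: match the protocol only
                echo "iptables -A INPUT -s $src -p vrrp -m comment --comment $svc -j ACCEPT"
                continue ;;
            tcp|udp) ;;
            *) echo "skip $svc: unknown protocol '$proto'" >&2; rc=1; continue ;;
        esac
        lo=${ports%-*}; hi=${ports#*-}
        for p in "$lo" "$hi"; do
            case $p in ''|*[!0-9]*) p=0 ;; esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "skip $svc: bad port '$ports'" >&2; rc=1; continue 2
            fi
        done
        if [ "$lo" -gt "$hi" ]; then
            echo "skip $svc: reversed range '$ports'" >&2; rc=1; continue
        fi
        # The table writes ranges as lo-hi; iptables expects lo:hi
        [ "$lo" = "$hi" ] && ports=$lo || ports="$lo:$hi"
        echo "iptables -A INPUT -s $src -p $proto --dport $ports -m comment --comment $svc -j ACCEPT"
    done
    return $rc
}

printf '%s\n' "$SAMPLE_ROWS" | emit_rules 192.0.2.0/24
```

Rules added with `-A` are appended to the end of the chain, so on a host whose `INPUT` chain already ends in a catch-all REJECT or DROP rule they must be inserted above that rule to take effect.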