Specification of network ports used by JumpServer
1 List of network ports used by JumpServer
- JumpServer, as a professional operation and maintenance security audit system compliant with the 4A Specification, requires the following network ports for normal operation. Administrators can open the relevant ports on the network and host side according to the deployment scheme of JumpServer components in the actual environment.
Port | Purpose | Description |
---|---|---|
22 | SSH access | Installation, upgrade and management |
80 | Web HTTP Service | Access JumpServer page UI with HTTP |
443 | Web HTTPS Service | Access JumpServer page UI with HTTPS |
3306 | Database Service | MySQL Service |
6379 | Database Service | Redis Service |
3389 | Razor Service port | Access Windows assets with an RDP client |
2222 | SSH Client | Connect to JumpServer with an SSH client, for example Xshell, PuTTY, MobaXterm |
33061 | Magnus MySQL Service port | Connect MySQL assets with DB Client |
33062 | Magnus MariaDB Service port | Connect MariaDB assets with DB Client |
54320 | Magnus PostgreSQL Service port | Connect PostgreSQL assets with DB Client |
63790 | Magnus Redis Service port | Connect Redis assets with DB Client |
30000-30100 | Magnus Oracle Service port | Connect Oracle assets with DB Client; the number of ports can be customized |
2 Common commands for Firewall
- Check status of firewall
firewall-cmd --state
running
- Open a port temporarily (the rule takes effect immediately, but will be lost upon restart)
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --add-port=2222/tcp
firewall-cmd --add-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept'
- Delete a temporarily opened port (the change takes effect immediately, but will be lost upon restart)
firewall-cmd --zone=public --remove-port=80/tcp
firewall-cmd --zone=public --remove-port=2222/tcp
firewall-cmd --remove-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept'
- Open a port permanently (a firewall reload is needed for it to take effect)
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept' --permanent
firewall-cmd --reload
- Delete a port permanently (a firewall reload is needed for it to take effect)
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=2222/tcp --permanent
firewall-cmd --remove-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept' --permanent
firewall-cmd --reload
- Query effective rules of firewall
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 2222/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="172.17.0.1/16" port port="8080" protocol="tcp" accept
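
The rule listing above can be checked against the port table in section 1. The script below is an added example, not part of the JumpServer documentation; the function names `jms_label` and `audit_ports` and the table labels are assumptions made for the illustration. It reads only the `ports:` line and accepting rich rules, so named services such as `ssh` are not resolved to port numbers.

```sh
#!/bin/sh
# Added example (not JumpServer code): list what firewalld has open and
# mark each port against the JumpServer port table from this page.

# Port table from this page as "port-or-range:label" (labels are shorthand).
JMS_PORTS='22:ssh-admin 80:web-http 443:web-https 3306:mysql 6379:redis
3389:razor-rdp 2222:ssh-client 33061:magnus-mysql 33062:magnus-mariadb
54320:magnus-postgresql 63790:magnus-redis 30000-30100:magnus-oracle'

# Constructed sample, abridged from the `firewall-cmd --list-all` output above.
SAMPLE='public (active)
  services: dhcpv6-client ssh
  ports: 80/tcp 2222/tcp
  forward-ports:
  rich rules:
    rule family="ipv4" source address="172.17.0.1/16" port port="8080" protocol="tcp" accept'

# jms_label PORT_OR_RANGE: print the table label when the port (or the whole
# range) lies inside a table entry; return 1 when it does not.
jms_label() {
  lo=${1%-*}; hi=${1#*-}
  for e in $JMS_PORTS; do
    spec=${e%%:*}
    if [ "$lo" -ge "${spec%-*}" ] && [ "$hi" -le "${spec#*-}" ]; then
      echo "${e#*:}"; return 0
    fi
  done
  return 1
}

# audit_ports TEXT: one line per port opened zone-wide ("ports:" line) or by
# an accepting rich rule: "<port>/<proto> <source|any> <label|NOT-IN-TABLE>".
audit_ports() {
  printf '%s\n' "$1" | awk '
    $1 == "ports:" { for (i = 2; i <= NF; i++) { split($i, a, "/"); print a[1], a[2], "any" } }
    $1 == "rule" && /accept/ && match($0, / port port="[0-9-]+"/) {
      p = substr($0, RSTART + 12, RLENGTH - 13)
      s = "any"; if (match($0, /source address="[^"]+"/)) s = substr($0, RSTART + 16, RLENGTH - 17)
      r = "tcp"; if (match($0, /protocol="[a-z]+"/)) r = substr($0, RSTART + 10, RLENGTH - 11)
      print p, r, s
    }' |
  while read -r port proto src; do
    echo "$port/$proto $src $(jms_label "$port" || echo NOT-IN-TABLE)"
  done
}

# Live use: audit_ports "$(firewall-cmd --zone=public --list-all)"
audit_ports "$SAMPLE"
```

A `NOT-IN-TABLE` line marks an open port that the JumpServer port list does not account for, which is the entry to review before making rules permanent.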