
Specification of network ports used by JumpServer

1 List of network ports used by JumpServer

  • JumpServer, a professional operation and maintenance security audit system compliant with the 4A specification, requires the following network ports for normal operation. Administrators can open the relevant ports on the network and host side according to how the JumpServer components are deployed in the actual environment.
| Port | Purpose | Description |
|------|---------|-------------|
| 22 | SSH access | Installation, upgrade and management |
| 80 | Web HTTP Service | Access JumpServer page UI with HTTP |
| 443 | Web HTTPS Service | Access JumpServer page UI with HTTPS |
| 3306 | Database Service | MySQL Service |
| 6379 | Database Service | Redis Service |
| 3389 | Razor Service port | Access Windows assets with an RDP client |
| 2222 | SSH Client | Connect to JumpServer with an SSH client, for example Xshell, PuTTY, MobaXterm |
| 33061 | Magnus MySQL Service port | Connect MySQL assets with a DB client |
| 33062 | Magnus MariaDB Service port | Connect MariaDB assets with a DB client |
| 54320 | Magnus PostgreSQL Service port | Connect PostgreSQL assets with a DB client |
| 63790 | Magnus Redis Service port | Connect Redis assets with a DB client |
| 30000-30100 | Magnus Oracle Service port | Connect Oracle assets with a DB client; the number of ports can be customized |

2 Common commands for Firewall

  • Check status of firewall
    firewall-cmd --state
    
    running
    
  • Open a port temporarily (the rule takes effect immediately, but will be lost upon restart)
    firewall-cmd --zone=public --add-port=80/tcp
    firewall-cmd --zone=public --add-port=2222/tcp
    firewall-cmd --add-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept'
    
  • Delete a temporarily opened port (the rule takes effect immediately, but will be lost upon restart)
    firewall-cmd --zone=public --remove-port=80/tcp
    firewall-cmd --zone=public --remove-port=2222/tcp
    firewall-cmd --remove-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept'
    
  • Open a port permanently (needs a firewall reload to take effect)
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=2222/tcp --permanent
    firewall-cmd --add-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept' --permanent
    firewall-cmd --reload
    
  • Delete a port permanently (needs a firewall reload to take effect)
    firewall-cmd --zone=public --remove-port=80/tcp --permanent
    firewall-cmd --zone=public --remove-port=2222/tcp --permanent
    firewall-cmd --remove-rich-rule='rule family="ipv4" source address="172.17.0.1/16" port protocol="tcp" port="8080" accept' --permanent
    firewall-cmd --reload
    
  • Query effective rules of firewall
    firewall-cmd --list-all
    
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens32
      sources:
      services: dhcpv6-client ssh
      ports: 80/tcp 2222/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
        rule family="ipv4" source address="172.17.0.1/16" port port="8080" protocol="tcp" accept
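
An added example, not part of the JumpServer documentation: a shell function that reads the output of firewall-cmd --list-all and compares the zone's ports: line with the ports a deployment is meant to expose, so that anything opened beyond the table above stands out. The WANTED list and the function name audit_ports are assumptions for illustration; the sample input is the output shown above, trimmed.

```shell
#!/usr/bin/env bash
# Added example (not JumpServer code): audit the zone-wide open ports.

# Assumption: this deployment should expose only these ports from the table.
WANTED="80/tcp 443/tcp 2222/tcp 3389/tcp"

# Sample input: the --list-all output shown on this page, trimmed.
SAMPLE='public (active)
  target: default
  interfaces: ens32
  services: dhcpv6-client ssh
  ports: 80/tcp 2222/tcp
  rich rules:
    rule family="ipv4" source address="172.17.0.1/16" port port="8080" protocol="tcp" accept'

# audit_ports "<wanted ports>": reads --list-all text on stdin and prints
#   ok <port>       wanted and open
#   missing <port>  wanted but not open
#   extra <port>    open but not wanted (candidate for removal)
# Ports are compared as strings, so write a range exactly as it appears
# on the "ports:" line (for example 30000-30100/tcp).
audit_ports() {
    ap_wanted="$1"
    # Only the "ports:" line is read; services and rich rules are not covered.
    ap_open=$(awk '$1 == "ports:" { $1 = ""; print; exit }')
    for ap_p in $ap_wanted; do
        case " $ap_open " in
            *" $ap_p "*) echo "ok $ap_p" ;;
            *)           echo "missing $ap_p" ;;
        esac
    done
    for ap_p in $ap_open; do
        case " $ap_wanted " in
            *" $ap_p "*) ;;
            *)           echo "extra $ap_p" ;;
        esac
    done
}

# On a live host: firewall-cmd --zone=public --list-all | audit_ports "$WANTED"
printf '%s\n' "$SAMPLE" | audit_ports "$WANTED"
```

For the sample above, 80/tcp and 2222/tcp are reported ok and 443/tcp and 3389/tcp missing; port 8080 does not appear because it is opened by a source-restricted rich rule, not on the ports: line.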