Setting up a firewall on a Linux Primary Server to allow all ZENworks Imaging traffic can be tricky because some of these services use dynamic ports. This article explains the firewall configuration required on a primary server for using ZENworks Imaging services. Each service and the ports it needs are explained first. A sample configuration for a SLES 11 SP3 primary server follows. If you are using any other OS for the server, you might have to adapt the rules accordingly.
Note that the rules apply to Imaging operations within the same subnet, with the server and client reachable from each other in a single hop, i.e. directly connected over a single switch or hub. A server and client in different networks might need additional configuration, which is not covered in this article.
Ports used by ZENworks Imaging Services
Open /etc/sysconfig/SuSEfirewall2 and add (or append) the ports for Imaging services in the corresponding settings:
FW_SERVICES_EXT_TCP="443 998"
FW_SERVICES_EXT_UDP="67 69 4011 13331"
FW_SERVICES_ACCEPT_EXT="0/0,udp,,997 0/0,udp,,999 0/0,udp,,12050"
FW_ALLOW_FW_BROADCAST_EXT="bootps"
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 998 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 67 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4011 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 13331 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 12050 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 997 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 999 -j ACCEPT
iptables -A INPUT -p udp -m pkttype --pkt-type broadcast -m udp --dport 67 -j ACCEPT
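The following added example (not part of the original article or of ZENworks or SuSEfirewall2) shows how the four SuSEfirewall2 settings above map onto the plain iptables rules listed on this page, so the two forms can be compared entry by entry. The function names `svc_port` and `imaging_rules` are hypothetical, and the script only prints rules without applying them.

```shell
#!/bin/sh
# Added example: prints rules only, applies nothing.
# Values copied from the /etc/sysconfig/SuSEfirewall2 settings above.
FW_SERVICES_EXT_TCP="443 998"
FW_SERVICES_EXT_UDP="67 69 4011 13331"
FW_SERVICES_ACCEPT_EXT="0/0,udp,,997 0/0,udp,,999 0/0,udp,,12050"
FW_ALLOW_FW_BROADCAST_EXT="bootps"

# svc_port (hypothetical helper): service name or number -> port number.
svc_port() {
    case "$1" in
        bootps) echo 67 ;;
        ''|*[!0-9]*) return 1 ;;  # unknown name: fail instead of guessing
        *) echo "$1" ;;
    esac
}

# imaging_rules (hypothetical helper): one iptables rule per configured entry.
imaging_rules() {
    for p in $FW_SERVICES_EXT_TCP; do
        echo "iptables -A INPUT -p tcp -m tcp --dport $p -j ACCEPT"
    done
    for p in $FW_SERVICES_EXT_UDP; do
        echo "iptables -A INPUT -p udp -m udp --dport $p -j ACCEPT"
    done
    # FW_SERVICES_ACCEPT_EXT entries are net,protocol,dport,sport.
    # An empty dport with a set sport (as in all three entries here) accepts
    # that source port towards ANY destination port on the server.
    for e in $FW_SERVICES_ACCEPT_EXT; do
        IFS=, read -r net proto dport sport flags <<EOF
$e
EOF
        rule="iptables -A INPUT"
        [ "$net" = "0/0" ] || rule="$rule -s $net"
        rule="$rule -p $proto -m $proto"
        [ -z "$dport" ] || rule="$rule --dport $dport"
        [ -z "$sport" ] || rule="$rule --sport $sport"
        echo "$rule -j ACCEPT"
    done
    for s in $FW_ALLOW_FW_BROADCAST_EXT; do
        p=$(svc_port "$s") || { echo "unknown service: $s" >&2; return 1; }
        echo "iptables -A INPUT -p udp -m pkttype --pkt-type broadcast -m udp --dport $p -j ACCEPT"
    done
}

imaging_rules
```

Because the source-port entries are not tied to a destination port, restricting the `0/0` network field to the imaging subnet narrows what those three rules admit.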