Differences

This shows you the differences between two versions of the page.

--- evergreen-admin:security:firewall [2007/10/03 21:13] – Indent the jabber server scenarios to repair miker_'s heinous damage! dbs
+++ evergreen-admin:security:firewall [2022/02/10 13:34] (current) – external edit 127.0.0.1
@@ Line 5: / Line 5: @@
 ====== Security Considerations: Firewall ======
-Note: this is from memory, and I'm sure I got some stuff messed up/missed some stuff.  Pines Staff please verify/change as appropriate.
+In general, we recommend reading more about networking from starting points like [[http://en.wikipedia.org/wiki/Network_port|Wikipedia]] and more authoritative sources on network security.
+===== Incoming ports =====
 Generally, there are about 4 zones you should have for your Evergreen system.  These are as follows:
@@ Line 21: / Line 22: @@
     - The staff client uses the same ports as the public interface, so ports 80 and 443 will need to be opened.
-Outgoing ports:
+===== Outgoing ports =====
-  -25: SMTP-For E-mail notifications
-  -80: Web traffic (Syndicated content, Book Jackets, etc)
-  -210: Z3950 (OCLC, LC, etc)
+Note that these are ports on external servers to which your Evergreen server(s) might need to connect. As a reminder of [[http://en.wikipedia.org/wiki/Network_port|basic networking principles]], outgoing connections on the Evergreen server(s) are assigned to random ports - so when connecting to port 210 on zed.example.com, your Evergreen server might use local port 37080 to make the connection.
+  - 25: SMTP-For E-mail notifications
+  - 80: Web traffic (Syndicated content, Book Jackets, etc)
+  - 210: Z3950 (OCLC, LC, etc).  Note that while 210 is commonly used by Z39.50 servers, it's not the only one in use; for example, the LC Z39.50 server uses port 7090.
 Again: this list is just a start, and by all means incomplete.