Creating Firewall Rules for OpenLink Applications
Introduction
These days it is becoming more common to enable firewalls on internal networks as well as when dealing with the broader Internet.
In this document, we will describe how to set up firewall rules to open several default ports and special networks:
application | protocol | port(s) | description | internal or external network |
---|---|---|---|---|
oplmgr | UDP | 60001 | Broadcast on 224.0.0.24/32 | internal only |
oplmgr | TCP | 60001 | Downloading license statistics | internal only |
oplrqb | TCP | 5000 | UDA Request Broker | internal and external |
*_sv and *_mv | TCP | 5000 – 5050 | UDA Database Agents and Bridge Agents | internal and external |
www_sv | TCP | 8000 | UDA Request Broker Admin Assistant | internal and external |
virtuoso | TCP | 1111 | Virtuoso ODBC, JDBC, ADO.NET, OLE DB, and iSQL | internal and external |
virtuoso | TCP | 8890 | Virtuoso HTTP endpoint | internal and external |
If your operating system is not mentioned in this document or you are having issues with the instructions provided, please contact our Support Department for assistance.
Amazon AMI
The firewall for Amazon AMIs is normally set up either in the AWS console for an individual AMI, or in a VPS description to set a policy for a group of servers.
In such cases, we only need to enter rules for the ports that should be enabled for external networks and for the applications we actually want to access from outside of the network. Thus, if your Virtuoso installation only needs to accept connections from the Internet via the HTTP protocol, you would typically only open port 8890 for the default HTTP endpoint, or port 80 and/or 443 if you have created specific HTTP and/or HTTPS endpoints in Virtuoso.
In some cases, individual AMIs can have their own firewall rules on top of the ones provided by the AWS console. In such cases, read the section for the specific OS later in this document.
Microsoft Azure
This is similar to the Amazon AMI setup.
RedHat/Centos 5.x and 6.x
RedHat/Centos 7.x, Fedora 18 and newer
These operating system versions use the firewalld package.
The following command can be used to check if the package is installed and enabled:
$ sudo /bin/firewall-cmd --state
running
If firewall-cmd is not found or it returns not running, the firewall software is not enabled, and no further actions should be needed to run any of the OpenLink applications on your system.
The following commands are required for the oplmgr process.
First, enable multicast on IPv4 based networks –
$ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
$ sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
If your network is IPv6-based –
$ sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
$ sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -m pkttype --pkt-type multicast -j ACCEPT
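The following is an added example, not part of OpenLink's instructions: a dry-run generator that turns the port table above into firewalld commands, restricting the "internal only" row to an internal source range. The 10.0.0.0/8 range, the public zone, and the agents label are assumptions to replace with your own values.

```shell
#!/usr/bin/env bash
# Added example: print (not run) firewalld commands for the default OpenLink
# TCP ports from the table on this page. Review the output before piping it to sh.
# The oplmgr UDP multicast traffic is covered by the --direct rules above.

# app|proto|port(s)|scope, copied from the table; "agents" is a label made up
# here for the *_sv and *_mv database and bridge agents.
OPENLINK_PORTS='oplmgr|tcp|60001|internal
oplrqb|tcp|5000|both
agents|tcp|5000-5050|both
www_sv|tcp|8000|both
virtuoso|tcp|1111|both
virtuoso|tcp|8890|both'

# gen_rules INTERNAL_CIDR ZONE APP [APP...]
# Emits rules only for the applications named, so unused ports stay closed.
gen_rules() {
    cidr=$1; zone=$2; shift 2
    while IFS='|' read -r app proto port scope; do
        for want in "$@"; do
            [ "$want" = "$app" ] || continue
            if [ "$scope" = internal ]; then
                # "internal only" rows: accept solely from the internal CIDR.
                printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$cidr\" port port=\"$port\" protocol=\"$proto\" accept'"
            else
                # "internal and external" rows: open to every source in the zone.
                printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-port=$port/$proto"
            fi
        done
    done <<EOF
$OPENLINK_PORTS
EOF
    # --permanent rules take effect only after a reload.
    printf '%s\n' "firewall-cmd --reload"
}

# Constructed sample: 10.0.0.0/8 and the "public" zone are assumptions.
gen_rules 10.0.0.0/8 public virtuoso oplmgr
```

Run the printed commands with sudo once they match the applications actually installed on the host.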
Ubuntu 16.04 and newer, Debian 9 and newer
These operating system versions use the Uncomplicated Firewall (UFW) software.
The following command can be used to check if this package is installed and enabled:
$ sudo /usr/sbin/ufw status
Status: active
If ufw is not found or it returns Status: inactive, the firewall software is not enabled, and no further actions should be needed to run any of the OpenLink applications on your system.
To enable the oplmgr program:
$ sudo ufw allow in proto udp from 224.0.0.24/32 port 60001
Microsoft Windows
Other operating systems
Many other operating systems also have specific applications to create firewall rules.
If you know the commands to use on an operating system not described above, please feel free to contact our Support Department with the details, and we will add your instructions to this document.