
On a network where all OUTPUT ports are closed by default on minion servers, and only required ports are opened, which ports do I have to open on the minion servers for the communication between the Salt master and Salt minions?

This is on Debian GNU/Linux 8.5 (jessie), with Salt master and minions version 2016.3.3 (Boron).

asked by gogan, edited by Josip Rodin

1 Answer

Salt minions connect to the master using TCP ports 4505 and 4506.

On firewalled minions one would need the equivalent of:

iptables -I OUTPUT -d <master IP/netblock> -p tcp -m multiport --dports 4505,4506 -j ACCEPT

On a firewalled Salt master one would need the equivalent of:

iptables -I INPUT -s <minion IP/netblock> -p tcp -m multiport --dports 4505,4506 -j ACCEPT
answered by silviud, edited by Josip Rodin
  • Yeah, that's right, but ... "All OUTPUT ports are closed on minion servers." I want to open the required ports on the minions to allow outgoing traffic to the master server ;) – gogan Oct 05 '16 at 14:53
  • iptables -I OUTPUT -d 0.0.0.0/0 -p tcp -m multiport --dports 4505,4506 -j ACCEPT – silviud Oct 06 '16 at 01:30
  • replace 0.0.0.0/0 with the master(s) IP(s) – silviud Oct 06 '16 at 01:31
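Added example (not code from the answer or comments above, and not part of Salt itself): a small bash script that applies the minion-side OUTPUT rule and master-side INPUT rule from the answer idempotently (it checks with `iptables -C` before inserting, so re-running it does not stack duplicate rules), supports a dry run, and on a minion verifies that the master's TCP ports 4505 and 4506 actually accept connections. `MASTER_NET`, `MINION_NET` and the script name are placeholders for your own values.

```shell
#!/bin/bash
# Added example: manage the Salt master/minion firewall rules and verify them.
# MASTER_NET and MINION_NET are placeholders; set them to your own addresses.
# DRY_RUN=1 prints the iptables command instead of executing it.

IPTABLES="${IPTABLES:-iptables}"
SALT_PORTS="4505,4506"

# Build the argument list for one rule.
# $1 = role (minion|master), $2 = peer address or netblock.
salt_rule_args() {
    case "$1" in
        minion) printf '%s' "OUTPUT -d $2 -p tcp -m multiport --dports $SALT_PORTS -j ACCEPT" ;;
        master) printf '%s' "INPUT -s $2 -p tcp -m multiport --dports $SALT_PORTS -j ACCEPT" ;;
        *) return 1 ;;
    esac
}

# Insert the rule only if it is not already present.
# iptables -C exits 0 when an identical rule already exists in the chain.
apply_salt_rule() {
    local args
    args="$(salt_rule_args "$1" "$2")" || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$IPTABLES -I $args"
        return 0
    fi
    if $IPTABLES -C $args 2>/dev/null; then
        echo "rule already present: $args"
    else
        $IPTABLES -I $args
    fi
}

# Minion-side check: can this host open TCP 4505 and 4506 on the master?
# Uses bash's /dev/tcp so no extra tools are needed; exit status is 0 only
# when both ports accept a connection.
check_master_ports() {
    local master="$1" port rc=0
    for port in 4505 4506; do
        if timeout 3 bash -c "exec 3<>/dev/tcp/$master/$port" 2>/dev/null; then
            echo "master $master tcp/$port reachable"
        else
            echo "master $master tcp/$port NOT reachable (check OUTPUT rules)"
            rc=1
        fi
    done
    return $rc
}

# Usage: MASTER_NET=<master IP> ./salt-fw.sh minion
#        MINION_NET=<minion netblock> ./salt-fw.sh master
if [ "${1:-}" = "minion" ]; then
    apply_salt_rule minion "${MASTER_NET:?set MASTER_NET}" \
        && check_master_ports "${MASTER_NET%%/*}"
elif [ "${1:-}" = "master" ]; then
    apply_salt_rule master "${MINION_NET:?set MINION_NET}"
fi
```

The OUTPUT rule alone covers every packet the minion sends to the master on these connections, because their destination port stays 4505 or 4506 for the life of the connection; the master's replies arrive on the minion's INPUT chain, so the minion still needs its usual `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule there. Of the two ports, 4505 is the master's publisher port and 4506 the request-server port, and a minion needs both.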