[pve-devel] [PATCH docs] firewall-doc: update list of default ports by range used for migration

Christian Ebner c.ebner at proxmox.com
Tue Dec 3 11:05:37 CET 2019


Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
 pve-firewall.adoc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index 2bcdf6e..7c60330 100644
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -426,6 +426,8 @@ following traffic is still allowed for all {pve} hosts in the cluster:
 * TCP traffic from management hosts to port 3128 for connections to the SPICE
   proxy
 * TCP traffic from management hosts to port 22 to allow ssh access
+* TCP traffic from management hosts to port range 60000 to 60050 for migration
+  traffic
 * UDP traffic in the cluster network to port 5404 and 5405 for corosync
 * UDP multicast traffic in the cluster network
 * ICMP traffic type 3 (Destination Unreachable), 4 (congestion control) or 11
@@ -634,6 +636,7 @@ Ports used by {pve}
 * sshd (used for cluster actions): 22
 * rpcbind: 111
 * corosync multicast (if you run a cluster): 5404, 5405 UDP
+* some migration traffic: 60000-60050 TCP
 
 
 ifdef::manvolnum[]
-- 
2.20.1



More information about the pve-devel mailing list