Overview
This documentation demonstrates ports and protocols used by RCDevs products between different components.
1. Communication Ports used by RCDevs Products
2. WebADM Cluster Ports
At RCDevs Hardening Guide is an example of the iptables firewall rules for a high availability cluster with 4 nodes.
3. Incoming and Outgoing Traffic per Product
| Product | Incoming | Outgoing |
|---|---|---|
| WebADM Master (PKI role) & Web Services |
SSH TCP 22, Session Server TCP 4000, SOAP TCP 8443, HTTPS 443, PKI TCP 5000 |
Session Server TCP 4000 to WebADM Slave, LDAPS 389 or 636, SQL 3306, Licenses service TCP 7001 to license.rcdevs.com, Push service TCP 7000 to push.rcdevs.com, SMTP port to your mail server |
| WebADM Slave (PKI client) & Web Services |
SSH TCP 22, Session Server TCP 4000 SOAP TCP 8443, HTTPS 443 |
Session Server TCP 4000 to WebADM Master, LDAPS 389 or 636, SQL 3306, PKI TCP 5000 to WebADM Master, License service TCP 7001 to license.rcdevs.com, Push service TCP 7000 to push.rcdevs.com, SMTP port to your mail server |
| Radius Bridge | UDP 1812 | TCP 8443 to WebADM |
| LDAP Bridge | LDAPS 389 or 636 | TCP 8443 to WebADM(s) 389 or 636 to LDAP server(s) |
| WA Proxy | HTTPS 443 | HTTPS 443 to WebADM |
| SpanKey Client | SSH TCP 22 | SOAP TCP 8443 to SpanKey Web Service |
| Windows Plugins | X | SOAP TCP 8443 to OpenOTP Web service |
| PAM OpenOTP plugin | UNIX SOCKET | SOAP TCP 8443 to OpenOTP Web service |
| SQL Replication | TCP 3306 | TCP 3306 |
| OpenLDAP Replication | LDAPS 389 or 636 | LDAPS 389 or 636 |
4. Change default WebADM listener Ports
The proper way to change a WebADM default lister port is by creating the /opt/webadm/conf/webadm.env file. In that file, you can configure the following settings:
# Interface used
INTERFACE=1.2.3.4
# Apache standard port
HTTP_PORT_STD=1080
# Apache SSL port
HTTP_PORT_SSL=1443
# Web Service standard port
SOAP_PORT_STD=2080
# Web Service SSL port
SOAP_PORT_SSL=2443
To take into account these changes, you have to restart your WebADM server(s).