Opening Network Ports for Clients
The Yellowbrick client applications (ybtools
) run on customer computers
and need to communicate with the Yellowbrick appliance in order to send or receive data,
using the customer's existing network infrastructure. The appliance is usually installed in
a server room or a data center, while the clients run on desktop machines throughout the
company or on other servers that may or may not be in the same physical location as the
appliance.
Connection Refused
: the firewall rejected the traffic and sent a response to the client indicating that it was rejected.Connection Timeout
: the firewall dropped the traffic without sending a response to the client.
5432
is not open, ybsql
returns the following error:
$ ybsql -h premdb yellowbrick
ybsql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
Port Numbers
5432
: normal database port (used by all clients)11111
: control port, unsecured HTTP (used byybload
,ybunload
,ybbackup
,ybrestore
)11112
: control port, secured HTTPS (used byybload
,ybunload
,ybbackup
,ybrestore
when SSL-only mode is in effect or the--secured
option is specified via one of the Yellowbrick client tools)When SSL-only mode is used for client connections, both
11111
and11112
need to be open. Connections may be automatically redirected from11111
to11112
.31000
and31001
: two ports for sending and receiving data (used byybload
,ybunload
,ybbackup
,ybrestore
, and so on)
Configure the network firewall to allow traffic from the client computer to the appliance on these ports (for example, by opening up the ports using source and destination filters in routing tables). The corporate IT staff should be familiar with this process and should only need to be informed about the port requirements listed on this page. In most cases, a VPN should not be necessary to send Yellowbrick client traffic through corporate firewalls.