Manager Node Ports

The manager nodes have multiple ports for client application connections, system management connections, and connections to external services. The Manager nodes firewall is configured to allow these connections. To make changes to the manager node firewall settings, contact Technical Support; do not attempt to make changes to the firewall settings yourself.

Ports for Client Applications

All client application and user connections to Yellowbrick appliances occur only through the manager node via the following ports. (See also Opening Network Ports for Clients.)

Port Purpose Protocol Notes
22 ssh TCP Used for database upgrades and administration.
80 SMC HTTP HTTP server port
8182 SMC HTTP Internal port for SMC. External connections can be blocked.
443 SMC HTTPS TLS versions 1.1 and 1.2 only
5432 Yellowbrick database TCP Default port for database connections for all protocols: ODBC, JDBC, libpq, and so on. This port can be changed.
11111 ybtools control port TCP Control port used for ybload, ybunload, ybbackup, and ybrestore.
11112 ybtools control port TCP Control port used when the --secured option is specified for ybload, ybunload, ybbackup, ybrestore.
31000 and 31001 ybtools data transfer TCP

BMC Ports

The Baseboard Management Controller (BMC) is the lights-out management application for the manager nodes. It may be on the same or a different network from the manager nodes. Only Yellowbrick system managers should need access to the BMC.

Port Purpose Protocol Notes
22 ssh TCP Used for database upgrades and administration.
80 BMC Admin UI HTTP HTTP server port
443 BMC Admin UI HTTPS TLS versions 1.1 and 1.2 only
5900 BMC TCP Management port

Connections to External Services

By default, the manager node attempts to connect to the following external services.

Service Host:port Protocol Purpose/Notes
DNS service …:53 TCP
  • Look up phonehome.yellowbrick.io
  • Resolve host names in authentication, etc.
  • Disabling creates pauses in operations
NTP time server service time.nist.gov:123 UDP
  • Time sync server
  • Can be disabled or configured to contact a different NTP server
Red Hat Subscription subscription.rhn.redhat.com :443 TCP Can be blocked; not needed.
Yellowbrick remote diagnostics (phonehome) phonehome.yellowbrick.com:443 TCP Only needed if phonehome is enabled; it is not enabled by default. See Remote Diagnostics for configuration instructions.