02-16-2009 09:14 AM
Was talking to a Symantec (Veritas) support guy the other day, and the topic of firewall ports came up. I mentioned that we're only allowing TCP 13724 (vnetd) and 1556 (pbx) through our firewalls, and he mentioned that I need TCP 1557 also. I've never heard of this one before; the only reference I can find mentions it as a "secondary" PBX port. This port isn't listed in the Security and Encryption Guide, and my system runs fine without it. Anyone come across this before?
Solved! Go to Solution.
02-18-2009 10:00 AM
From what I gather, we USED to use 1557 for "inside" connections (that is, localhost to localhost) but we don't now...probably because the IANA says it isn't ours!
Now, we pick an anonymous port for those communications. Here's an excerpt from the output of a `netstat` from my test box running 6.5.3:
localhost.1557 *.* 0 0 49152 0 LISTEN
localhost.32787 *.* 0 0 49152 0 LISTEN
localhost.32791 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32791 49152 0 49301 0 ESTABLISHED
localhost.32793 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32793 49152 0 49301 0 ESTABLISHED
localhost.32795 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32795 49152 0 49152 0 ESTABLISHED
As you can see, I still have an open on 1557 - if it's available, we'll grab it...it's considered "legacy" behaviour. If 1557 isn't available, no harm, no foul. It doesn't matter because all the "inside" connections are taking place on 32787 in this example.
[ How do I KNOW these are PBX? Well....I cheated and used `lsof` before I ran my netstat so I knew what to cut-n-paste here. ;) ]
1556 should be the only one you have to worry about as far as outside connections coming in, whether PBX grabs 1557 or not.
I couldn't find this documented anywhere, unfortunately.
02-16-2009 09:33 AM
I am not familiar with that port and it is NOT in the document.
VERITAS NetBackup (tm) 6.0 Port Usage Guide for Windows and UNIX Platforms
http://support.veritas.com/docs/281623
02-17-2009 04:32 AM
Nor does port 1557 belong to Symantec, IANA well known port numbers show:
arbortext-lm 1557/tcp ArborText License Manager
Regards
Nicolai
02-17-2009 11:51 PM
02-18-2009 08:25 AM
02-18-2009 10:00 AM
From what I gather, we USED to use 1557 for "inside" connections (that is, localhost to localhost) but we don't now...probably because the IANA says it isn't ours!
Now, we pick an anonymous port for those communications. Here's an excerpt from the output of a `netstat` from my test box running 6.5.3:
localhost.1557 *.* 0 0 49152 0 LISTEN
localhost.32787 *.* 0 0 49152 0 LISTEN
localhost.32791 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32791 49152 0 49301 0 ESTABLISHED
localhost.32793 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32793 49152 0 49301 0 ESTABLISHED
localhost.32795 localhost.32787 49152 0 49152 0 ESTABLISHED
localhost.32787 localhost.32795 49152 0 49152 0 ESTABLISHED
As you can see, I still have an open on 1557 - if it's available, we'll grab it...it's considered "legacy" behaviour. If 1557 isn't available, no harm, no foul. It doesn't matter because all the "inside" connections are taking place on 32787 in this example.
[ How do I KNOW these are PBX? Well....I cheated and used `lsof` before I ran my netstat so I knew what to cut-n-paste here. ;) ]
1556 should be the only one you have to worry about as far as outside connections coming in, whether PBX grabs 1557 or not.
I couldn't find this documented anywhere, unfortunately.
02-18-2009 10:03 AM