Firewalls
There may be various firewalls between the JetStream server and its clients. Exceptions or other rules may need to be added to the firewalls protecting the server to allow clients to connect. Typically this means opening and possibly forwarding port 8886 (both TCP and UDP). See JetStream Primer for a list of ports potentially used by the server.
OS Firewalls
The OS on the machine hosting the JetStream server may be running a software firewall. The following are the most common default firewalls.
CentOS 7
By default, the CentOS 7 firewall firewalld is enabled. To allow connections to the JetStream server, you will need to configure or disable the firewall. For instance:
- Allow port 8886 through the firewall:
# sudo firewall-cmd --permanent --zone=public --add-port=8886/tcp --add-port=8886/udp
# sudo systemctl restart firewalld
- Disable the firewall:
# sudo systemctl stop firewalld
# sudo systemctl disable firewalld
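To confirm that the first option opened port 8886 for both protocols, the following added example (not part of the JetStream documentation) parses the text printed by `firewall-cmd --zone=public --list-ports`, including port ranges. The function name `missing_protocols` and the sample port list are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of tcp/udp is NOT open for a given port,
# based on the output of `firewall-cmd --zone=public --list-ports`.

# missing_protocols PORT "LIST"
#   LIST is a space-separated port list such as "22/tcp 8000-9000/udp".
#   Prints the protocols (tcp, udp) for which PORT is not covered;
#   prints an empty line when both are open.
#   The body runs in a subshell so its variables do not leak.
missing_protocols() (
    port=$1
    list=$2
    missing=""
    for proto in tcp udp; do
        found=0
        for entry in $list; do
            # Skip entries for other protocols (udp, sctp, dccp, ...).
            [ "${entry##*/}" = "$proto" ] || continue
            range=${entry%/*}   # "8886" or "8000-9000"
            lo=${range%-*}      # lower bound (the port itself if no range)
            hi=${range#*-}      # upper bound (the port itself if no range)
            # Ignore anything that is not purely numeric.
            case "$lo$hi" in
                ''|*[!0-9]*) continue ;;
            esac
            if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
                found=1
                break
            fi
        done
        [ "$found" -eq 1 ] || missing="$missing $proto"
    done
    echo "${missing# }"
)

# Constructed sample: TCP was opened but UDP was forgotten.
sample="22/tcp 8886/tcp"
echo "sample list is missing: $(missing_protocols 8886 "$sample")"

# On the server itself, feed it the live list instead:
#   missing_protocols 8886 "$(sudo firewall-cmd --zone=public --list-ports)"
```
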
Ubuntu 16.04
By default, the Ubuntu firewall ufw is disabled. If you choose to enable it, then you will need to configure it to allow connections to the JetStream server. For instance:
# sudo ufw allow 8886
macOS
By default, the macOS firewall is disabled. It can be configured by navigating to . When enabled, the default setting “Automatically allow downloaded signed software to receive incoming connections” should allow connections to the JetStream server. If this option is off, or JetStream is blocked for any reason, then an exception can be added by selecting jetstream from the presented list.
Windows
By default, the Windows firewall is enabled. The JetStream installation automatically adds an exception to allow connections to the JetStream server.
To adjust the firewall configuration, navigate to .
External Firewalls
To allow clients to connect to the JetStream server from an external network, any external firewalls between the server and the internet will need to be configured. Typical configuration tasks include:
- Port Forwarding: Allow ports 8886/tcp and 8886/udp to be redirected to the JetStream server.
- Deep Packet Inspection: Some enterprise firewalls provide “Deep Packet Inspection” or “Layer 7 Scanning” options that can block JetStream traffic. These systems can miscategorize JetStream network traffic and therefore block it, sometimes after many hours of operation. In these cases, add an exception according to the firewall documentation.