Network configuration

The following network-related settings are recommended for smooth and secure operation of T.Lion and the related services.

Firewall and security groups

Make sure all servers and the database/cluster are properly secured. It is recommended that you isolate the infrastructure from the Internet and whitelist only known hosts or networks.

Connections to allow on the server

Open the following ports on a firewall:

| Port | Protocol | Direction | Use |
|------|----------|-----------|-----|
| 20 | TCP/UDP | Outgoing | File Transfer Protocol (FTP) data transfer |
| 21 | TCP/UDP | Outgoing | File Transfer Protocol (FTP) control (command) |
| 22 | TCP/UDP | Incoming | Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding |
| 80 | TCP/UDP | Outgoing | Hypertext Transfer Protocol (HTTP) |
| 443 | TCP/UDP | Outgoing | Hypertext Transfer Protocol Secure (HTTPS) |

Stand-alone servers

| Port | Protocol | Purpose | Alternative port | Security | Notes |
|------|----------|---------|------------------|----------|-------|
| 22 | TCP | SSH Console | Can be changed with Linux CLI | Trusted hosts/networks only | |
| 80 | TCP | Local Map tile server | Not supported | Unrestricted | In case of using local Map tile server |
| 3306 | TCP | MySQL | Not supported | No external connections | |
| 4000 | TCP | TASSTA Proxy | Not supported | Unrestricted | |
| 4321 | TCP | T.Commander | Can be reassigned | | |
| 8082 | TCP | T.Recorder | Not supported | Unrestricted | T.Recorder client connections |
| 60xxx | UDP/TCP | Recorder server | Not supported | Unrestricted | Unencrypted connection between T.Lion and Recorder server version 3.001 and newer. xxx depends on the server ID. |
| 65xxx | UDP/TCP | T.Lion | Can be reassigned | Unrestricted | xxx depends on the server ID |

Note: Port 65xxx and the matching port 60xxx are opened for each server on a T.Lion node. The last three digits are equal to the server ID.
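
The following is an added example, not part of the TASSTA documentation or product: a shell script that derives the 60xxx/65xxx ports from server IDs and prints an nftables ruleset matching the Security column of the stand-alone table. Zero-padding of short IDs, the table name tlion and the IPv4 trusted network are assumptions; ports 80 and 4321 are left closed and must be added if the local map tile server or T.Commander is used.

```shell
#!/bin/sh
# Added example, not TASSTA code. Values in the sample call are constructed.

# tlion_port PREFIX ID: print PREFIX followed by the 3-digit server ID.
# Zero-padding of short IDs is an assumption (ID 7 -> 65007).
tlion_port() {
    prefix=$1 id=$2
    case $id in ''|*[!0-9]*) echo "invalid server ID: $id" >&2; return 1 ;; esac
    id=${id#"${id%%[!0]*}"}; id=${id:-0}      # strip leading zeros (avoid octal)
    [ "${#id}" -le 3 ] || { echo "server ID $id has more than 3 digits" >&2; return 1; }
    port=$((prefix * 1000 + id))
    # 65xxx only yields a valid port for IDs 0-535; reject anything above 65535.
    [ "$port" -le 65535 ] || { echo "port $port is out of range" >&2; return 1; }
    echo "$port"
}

# emit_rules TRUSTED_CIDR ID...: print an nftables ruleset for a stand-alone server.
emit_rules() {
    [ "$#" -ge 2 ] || { echo "usage: emit_rules TRUSTED_CIDR ID..." >&2; return 1; }
    trusted=$1; shift
    ports=
    for sid in "$@"; do
        p60=$(tlion_port 60 "$sid") || return 1
        p65=$(tlion_port 65 "$sid") || return 1
        ports="${ports:+$ports, }$p60, $p65"
    done
    cat <<EOF
table inet tlion {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept                             # local MySQL (3306) only
    ip saddr $trusted tcp dport 22 accept       # SSH: trusted network only
    tcp dport { 4000, 8082 } accept             # TASSTA Proxy, T.Recorder
    tcp dport { $ports } accept                 # Recorder server + T.Lion
    udp dport { $ports } accept
  }
}
EOF
}

# Constructed sample: documentation network 203.0.113.0/24, server IDs 1 and 42.
emit_rules 203.0.113.0/24 1 42
```

The output can be syntax-checked without loading it by piping it to nft -c -f -. A server ID above 535 is rejected because 65xxx would exceed the highest valid port number, 65535.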

Additional ports for T.Mugen client

Allow inbound connections to the following ports in addition to standard T.Lion server ports:

| Port | Protocol | Use |
|------|----------|-----|
| 3036 | TCP | TL Proxy service |
| 5349 | TCP/UDP | Interactive Connectivity Establishment (ICE) server |
| 3478 | UDP | TURN/STUN server |
| 49152 to 65535 | UDP | TURN relay media |

HTTP and HTTPS traffic must also be allowed. If you prefer the default ports for accessing the T.Mugen web interface, allow the following:

| Port | Protocol | Use |
|------|----------|-----|
| 80 | TCP/UDP | Hypertext Transfer Protocol (HTTP) |
| 443 | TCP/UDP | Hypertext Transfer Protocol Secure (HTTPS) |

Additional ports for high-availability cluster

| Port | Protocol | Purpose | Alternative port | Security | Notes |
|------|----------|---------|------------------|----------|-------|
| 4444 | TCP | Cluster SST | Not supported | Source, destination firewall defined | Port for all other State Snapshot Transfer. Should be opened on T.Lion and T.Brother servers. |
| 4567 | UDP/TCP | Cluster | Not supported | Source, destination firewall defined, SSL | Reserved for Database Cluster replication traffic. Multicast replication uses both TCP and UDP transport on this port. Should be opened on T.Lion and T.Brother servers. |
| 4568 | TCP | Cluster IST | Not supported | Source, destination firewall defined | Port for Incremental State Transfer. Should be opened on T.Lion and T.Brother servers. |
| 13000 | TCP | Cluster Arbitrator | Can be reassigned | Source, destination firewall defined | Should be opened on Arbitrator server. |
| 27017 | TCP | Mongo Database replication | Not supported | | Should be opened on T.Lion and T.Brother servers. |
| n/a | IP protocol 112 (VRRP) | Virtual Router Redundancy Protocol | Not supported | Source, destination firewall defined | The Unicast Virtual Router Redundancy Protocol (VRRP) provides a way for multiple hosts to communicate so that one of them at a time can hold a virtual IP address. Should be opened on T.Lion and T.Brother servers. |

TASSTA Central Licensing Server (RMP)

| Domain or IP address | Port |
|----------------------|------|
| central.tassta.com | 55555 |
| 116.203.164.16 | 55555 |
| central1.tassta.com | 55555 |
| 167.233.13.223 | 55555 |

Host names

Consider giving your servers informative names:

  • tls1234 for T.Lion Server.
  • tbs1234 for T.Brother Server.
  • arb1234 for Arbitrator Server.
  • trs1234 for Recorder Server (in case of standalone deployment).

Where 1234 is the license/dongle ID.