Network configuration
The following network-related settings are recommended for smooth and secure operation of T.Lion and the related services.
Firewall and security groups
Make sure all servers and the database/cluster are properly secured. It is recommended that you isolate the infrastructure from the Internet and whitelist only known hosts or networks.
Connections to allow on the server
Open the following ports on a firewall:
Port | Protocol | Direction | Use |
---|---|---|---|
20 | TCP/UDP | Outgoing | File Transfer Protocol (FTP) data transfer |
21 | TCP/UDP | Outgoing | File Transfer Protocol (FTP) control (command) |
22 | TCP/UDP | Incoming | Secure Shell (SSH), secure logins, file transfers (scp, sftp) and port forwarding |
80 | TCP/UDP | Outgoing | Hypertext Transfer Protocol (HTTP) |
443 | TCP/UDP | Outgoing | Hypertext Transfer Protocol Secure (HTTPS) |
Stand-alone servers
Port | Protocol | Purpose | Alternative port | Security | Notes |
---|---|---|---|---|---|
22 | TCP | SSH Console | Can be changed with Linux CLI | Trusted hosts/networks only | |
80 | TCP | Local Map tile server | Not supported | Unrestricted | In case of using local Map tile server |
3306 | TCP | MySQL | Not supported | No external connections | |
4000 | TCP | TASSTA Proxy | Not supported | Unrestricted | |
4321 | TCP | T.Commander | Can be reassigned | | |
8082 | TCP | T.Recorder | Not supported | Unrestricted | T.Recorder client connections |
60xxx | UDP/TCP | Recorder server | Not supported | Unrestricted | Unencrypted connection between T.Lion and Recorder server version 3.001 and newer. xxx depends on the server ID. |
65xxx | UDP/TCP | T.Lion | Can be reassigned | Unrestricted | xxx depends on the server ID |
Note: Ports 65xxx and the matching 60xxx are opened for each server on the T.Lion node. The last 3 digits are equal to the server ID.
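An added example (not TASSTA's own tooling) that derives the per-server 65xxx/60xxx ports from server IDs and prints, without applying, iptables rules that follow the Security column of the stand-alone table. The trusted network 192.0.2.0/24, the server IDs and the function names are constructed for illustration; it assumes a default-deny INPUT policy and leaves out ports 80 and 4321, which depend on your deployment.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for a stand-alone T.Lion host.
# Assumption: the INPUT chain policy is DROP, so only listed ports are reachable.

# Print the port for a prefix (60 or 65) and a server ID.
# The last 3 digits of the port are the server ID, so IDs above 535
# cannot be used with the 65 prefix (65536 is not a valid port).
tlion_port() {
    _pfx=$1 _id=$2
    case $_id in ''|*[!0-9]*) return 1 ;; esac     # digits only
    case ${#_id} in
        1) _id=00$_id ;;
        2) _id=0$_id ;;
        3) ;;
        *) return 1 ;;                              # more than 3 digits
    esac
    _port=$_pfx$_id
    [ "$_port" -le 65535 ] || return 1
    echo "$_port"
}

# Usage: standalone_rules TRUSTED_CIDR SERVER_ID...
standalone_rules() {
    trusted=$1; shift
    # 22: SSH console, trusted hosts/networks only.
    echo "iptables -A INPUT -p tcp --dport 22 -s $trusted -j ACCEPT"
    # 4000 (TASSTA Proxy) and 8082 (T.Recorder clients): unrestricted.
    for p in 4000 8082; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # 3306: MySQL, no external connections (anything not on loopback is dropped).
    echo "iptables -A INPUT ! -i lo -p tcp --dport 3306 -j DROP"
    # 65xxx (T.Lion) and the matching 60xxx (Recorder server), UDP and TCP.
    for id in "$@"; do
        for prefix in 65 60; do
            port=$(tlion_port "$prefix" "$id") || return 1
            for proto in tcp udp; do
                echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
            done
        done
    done
}

# Constructed sample: management network 192.0.2.0/24, server IDs 1 and 42.
standalone_rules 192.0.2.0/24 1 42
```

Review the printed rules before piping them to a shell, and add the port 80 and 4321 rules only if the local map tile server or T.Commander is in use.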
Additional ports for T.Mugen client
Allow inbound connections to the following ports in addition to standard T.Lion server ports:
Port | Protocol | Use |
---|---|---|
3036 | TCP | TL Proxy service |
5349 | TCP/UDP | Interactive Connectivity Establishment (ICE) server |
3478 | UDP | TURN/STUN server |
49152 to 65535 | UDP | TURN relay media |
HTTP and HTTPS traffic must also be allowed. If you prefer the default ports for accessing the T.Mugen web interface, allow:
Port | Protocol | Use |
---|---|---|
80 | TCP/UDP | Hypertext Transfer Protocol (HTTP) |
443 | TCP/UDP | Hypertext Transfer Protocol Secure (HTTPS) |
Additional ports for high-availability cluster
Port | Protocol | Purpose | Alternative port | Security | Notes |
---|---|---|---|---|---|
4444 | TCP | Cluster SST | Not supported | Source, destination firewall defined | Port for all other State Snapshot Transfer. Should be opened on T.Lion and T.Brother servers. |
4567 | UDP/TCP | Cluster | Not supported | Source, destination firewall defined, SSL | Reserved for Database Cluster replication traffic. Multicast replication uses both TCP and UDP transport on this port. Should be opened on T.Lion and T.Brother servers. |
4568 | TCP | Cluster IST | Not supported | Source, destination firewall defined | Port for Incremental State Transfer. Should be opened on T.Lion and T.Brother servers. |
13000 | TCP | Cluster Arbitrator | Can be reassigned | Source, destination firewall defined | Should be opened on Arbitrator server. |
27017 | TCP | Mongo Database replication | Not supported | | Should be opened on T.Lion and T.Brother servers. |
n/a | IP protocol 112 (VRRP) | Virtual Router Redundancy Protocol | Not supported | Source, destination firewall defined | The Unicast Virtual Router Redundancy Protocol (VRRP) provides a way for multiple hosts to communicate so that one of them at a time can hold a virtual IP address. Should be opened on T.Lion and T.Brother servers. |
TASSTA Central Licensing Server (RMP)
Domain or IP address | Port |
---|---|
central.tassta.com | 55555 |
116.203.164.16 | 55555 |
central1.tassta.com | 55555 |
167.233.13.223 | 55555 |
Host names
Consider giving your servers informative names:
- tls1234 for T.Lion Server.
- tbs1234 for T.Brother Server.
- arb1234 for Arbitrator Server.
- trs1234 for Recorder Server (in case of standalone deployment).

Where 1234 is the license/dongle ID.