Which ports should I keep open?

The components of a CollabNet TeamForge installation listen on a number of operating system ports. Most of these ports are only used internally on the server for application communications. A small subset must be exposed externally to enable users to access all CollabNet TeamForge services.

You can select your open ports in one of three ways:

• When you are installing Red Hat or CentOS, the Firewall Configuration screen lets you set up a basic firewall and allow incoming access on specific ports.
• After installation, you can launch the RedHat/CentOS Security Level Configuration Tool with the command system-config-selinux.
• After installation, you can edit the /etc/sysconfig/iptables file and specify your open ports by hand.

The following operating system level ports must be exposed. All other ports can be firewalled off to maintain security.

22 (ssh)

Port 22 is the default port for the secure shell (ssh). This is required for basic ssh functionality and for CVS, as all CVS transactions occur over ssh.

25 (smtp)

Port 25 is the default port smtp (email). CollabNet TeamForge discussion forums include mailing list functionality that allows users to send email to the CollabNet TeamForge server. The James mail server included with CollabNet TeamForge listens on port 25 to accept this mail for processing.

80 (http)

Port 80 is the default port for Web data transfer.

443 (https)

Port 443 is the default port for encrypted Web data transfer (https). The Apache web server should be configured to encrypt all data so that it cannot be compromised by a third party with malicious intent. Apache can be configured to force all traffic to be sent over https, even when a request is sent via port 80 (http).