[Bro] Ports used between manager/logger/proxy host and worker nodes

C. L. Martinez carlopmart at gmail.com
Mon Apr 17 04:25:23 PDT 2017


Hi all,

I have set up one manager/logger/proxy host with 5 worker nodes (all using version 2.5). Two of these 5 worker nodes are behind firewalls. I am seeing several packets dropped between these worker nodes and the manager host:

Apr 17 11:23:59.890910 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.1255 > 172.22.59.4.47763: S 2230094890:2230094890(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1780505936[|tcp]> (DF) (ttl 64, id 47383, len 64, bad ip cksum 14! -> b36d)
Apr 17 11:23:59.890988 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.35138 > 172.22.59.4.47762: S 4275416417:4275416417(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1149589794[|tcp]> (DF) (ttl 64, id 42370, len 64, bad ip cksum 14! -> c702)
Apr 17 11:23:59.891057 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.24230 > 172.22.59.4.47761: S 363396747:363396747(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 703336159[|tcp]> (DF) (ttl 64, id 38422, len 64, bad ip cksum 14! -> d66e)

What ports do I need to open in these firewalls to permit comms between worker nodes and manager host?

Thanks
-- 
Greetings,
C. L. Martinez
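
Added example, not part of the original post: a small Python parser that groups the blocked initial SYNs in the firewall log above by direction, interface, source and destination, and collapses the destination ports into ranges, which gives the flows a permit rule would have to cover. The function names are hypothetical, and the sample lines are the post's own log lines with the TCP options and checksum text trimmed.

```python
import re
from collections import defaultdict

# The three log lines from the post, with the TCP options and checksum text trimmed.
SAMPLE_LOG = """\
Apr 17 11:23:59.890910 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.1255 > 172.22.59.4.47763: S 2230094890:2230094890(0) win 16384 (DF)
Apr 17 11:23:59.890988 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.35138 > 172.22.59.4.47762: S 4275416417:4275416417(0) win 16384 (DF)
Apr 17 11:23:59.891057 rule 21/(match) [uid 0, pid 75183] block out on vio5: [uid 4294967295, pid 100000] 172.22.59.2.24230 > 172.22.59.4.47761: S 363396747:363396747(0) win 16384 (DF)
"""

LINE = re.compile(
    r"rule (?P<rule>\d+)/\(match\).*?\bblock (?P<dir>in|out) on (?P<iface>\S+):"
    r".*?(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+)"
)

def blocked_syns(log_text):
    """Map (direction, interface, src, dst) -> sorted destination ports of blocked SYNs."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["flags"] != "S":  # skip unparsed lines and non-SYN packets
            continue
        flows[(m["dir"], m["iface"], m["src"], m["dst"])].add(int(m["dport"]))
    return {k: sorted(v) for k, v in flows.items()}

def port_ranges(ports):
    """Collapse sorted ports into inclusive ranges, e.g. [1, 2, 3, 7] -> ['1:3', '7']."""
    out, start, prev = [], None, None
    for p in ports:
        if start is None:
            start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            out.append(f"{start}:{prev}" if prev > start else str(start))
            start = prev = p
    if start is not None:
        out.append(f"{start}:{prev}" if prev > start else str(start))
    return out

def summarize(log_text):
    return [
        f"{d} on {iface}: {src} -> {dst} tcp dport {','.join(port_ranges(ports))}"
        for (d, iface, src, dst), ports in blocked_syns(log_text).items()
    ]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

The source ports (1255, 35138, 24230) are ephemeral and differ per connection, so the summary keys on the destination ports only.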

