I have a probably easily to answer question. :)
I'm setting up Virtualmin on a virtual machine which does sit behind an external firewall, so I'm configuring iptables. Port 10000 opened accordingly.
When trying to use that VM as a BIND Cluster Slave, I noticed that - when transferring zones - it tried to connect to port 10001. So I opened that too. Next try, it used 10002 instead. And so on, until I opened all ports from 10000 to 10010. :)
What behavior am I seeing there? Does Webmin use a certain port range from 10000 upwards? Or does it switch to the next port if one fails?
Doing a netstat -tpln on several of my VMs, I see that on all except one Webmin is listening only on port 10000 (process "perl"), but on the one mentioned above, a "fastrpc.cgi" is listening on 10001-10007.
Which ports do I need to open to allow for "fast RPC" communication?
Comments
Submitted by andreychek on Thu, 07/21/2011 - 10:28 Comment #1
Howdy! How many ports it uses depends on the number of concurrent RPC connections. If there's an active RPC connection, new connections will use the next port up.
We usually suggest opening 10000 to 10010 as you have setup now -- that should do the trick for you!
Submitted by Locutus on Thu, 07/21/2011 - 10:36 Comment #2
Thanks Eric! :)
I suppose the fact that there were 7 (not really connected) listen ports for fastrpc.cgi was because the first few attempts "failed" due to un-opened firewall port? Did the script maybe think there was a connection already active, and didn't notice that timed out and didn't get through the firewall?
Submitted by andreychek on Thu, 07/21/2011 - 10:43 Comment #3
Your thoughts there would be my best guess -- I imagine there was some sort of timeout issue, where some of the connections weren't yet marked as being available.
Jamie, who would actually know, is on vacation now -- but he may chime in with actual information rather than my guessing when he has a moment :-)
Submitted by Locutus on Thu, 07/21/2011 - 11:50 Comment #4
Okidoki, thanks again and there's no hurry!
You know, I just like investigating such things, for one cause I like to understand how stuff works, and to unveil potential issues. :)
One more bit of information for Jamie to read when he comes back: even after restarting Webmin, the fastrpc.cgi processes did not disappear. I suppose though that this can well be intended behavior.
Submitted by JamieCameron on Thu, 07/21/2011 - 11:54 Comment #5
Webmin's RPC will use ports 10000 up to at most 10010 .. assuming there are no more than 10 concurrent RPC clients. However, as you saw some ports can be left hanging if ports are blocked by the firewall ..
Once you open up ports 10000 - 10010, kill all those fastrpc.cgi processes (or wait for them to timeout and die), and all should be well..
Submitted by Locutus on Thu, 07/21/2011 - 16:17 Comment #6
Thanks for the confirmation Jamie! And you really didn't have to interrupt your vacation for this. :-)