9.4. Local services on PNS

Local services run on the elements of the PNS Gateway System: on PNS, MS, and CF hosts. PNS hosts can provide the following services locally.

Warning

Local services can be accessed only using IPv4. IPv6 access for local services is currently not supported.

  • ssh: Enables remote SSH access to the PNS host. Opens port TCP/22.

  • smtp: Enables the transport of SMTP (e-mail) traffic. This local service must be enabled if you want to use the native Postfix service of PNS to handle e-mail transfer (see Section 9.3, Postfix). Opens port TCP/25.

  • ntp: Enables clients to synchronize their system clocks to the clock of the PNS host using NTP. This local service must be enabled if you want to use the native NTP service of PNS (see Section 9.2, NTP). Opens port UDP/123.

  • identreject: If enabled, PNS rejects every traffic arriving to the 113/TCP port.

  • dns: Enables clients to use the PNS host as a DNS server. This local service must be enabled if you want to use the native BIND9 service of PNS (see Section 9.1, BIND). Opens port UDP/53.

  • dns-zonetrans: Enables clients to use the PNS host as a DNS server. This local service must be enabled if you want to use the native BIND9 service of PNS and enable zone transfer (see Section 9.1, BIND). Opens port TCP/53.

  • zmsgui: Enables administrators to connect to MS with MC, and manage the PNS Gateway System. Opens port TCP/1314.

  • zmsengine: Enables communication between MS and the PNS hosts. This local service must be enabled if a host is managed from MS. Opens ports TCP/1311 and Opens port TCP/1313.

  • zmsagent: Enables communication between the PNS hosts and MS. This local service must be enabled on the MS host. Opens ports TCP/1310 and Opens port TCP/1312.

Note

PNS automatically enables the services required for the management of the host: zmsagent for PNS hosts; zmsgui and zmsagent for MS hosts. You are recommended to allow SSH as well.

Local services can be managed on the Services tab of the Packet filter MC component. For every local service, the name, used ports, the protocol (TCP or UDP), and the Target parameters are displayed. The target is ACCEPT is access to the service is permitted, REJECT if it is denied. To enable access to a local service on a host, complete the following steps.

Previous Up Next
 Home