9.4. Local services on Zorp

Local services run on the elements of the Zorp Gateway System: on Zorp, ZMS, and ZCV hosts. Zorp hosts can provide the following services locally:

Warning

Local services can be accessed only by using IPv4. IPv6 access for local services is currently not supported.

  • ssh: It enables remote SSH access to the Zorp host. It opens port TCP/22.

  • smtp: It enables the transport of SMTP (e-mail) traffic. This local service must be enabled if you want to use the native Postfix service of Zorp to handle e-mail transfer (see Section 9.3, Postfix). It opens port TCP/25.

  • nagios-nrpe-server: It enables nagios-nrpe-server to query the Zorp host. This local service must be enabled if you want to monitor your Zorp with Nagios (see Procedure 17.3, Monitoring Zorp with Nagios). It opens port TCP/5666.

  • munin-node: It enables Munin to query the Zorp host. This local service must be enabled if you want to monitor your Zorp with Munin (see Procedure 17.1, Monitoring Zorp with Munin). It opens port TCP/4949.

  • ntp: It enables clients to synchronize their system clocks to the clock of the Zorp host using NTP. This local service must be enabled if you want to use the native NTP service of Zorp (see Section 9.2, NTP). It opens port UDP/123.

  • identreject: If it is enabled, Zorp rejects all traffic arriving at port TCP/113.

  • dns: It enables clients to use the Zorp host as a DNS server. This local service must be enabled if you want to use the native BIND9 service of Zorp (see Section 9.1, BIND). It opens port UDP/53.

  • dns-zonetrans: It enables clients to use the Zorp host as a DNS server. This local service must be enabled if you want to use the native BIND9 service of Zorp and enable zone transfer (see Section 9.1, BIND). It opens port TCP/53.

  • zmsgui: It enables administrators to connect to ZMS with ZMC, and manage the Zorp Gateway System. It opens port TCP/1314.

  • zmsengine: It enables communication between ZMS and the Zorp hosts. This local service must be enabled if a host is managed from ZMS. It opens ports TCP/1311 and TCP/1313.

  • zmsagent: It enables communication between the Zorp hosts and ZMS. This local service must be enabled on the ZMS host. It opens ports TCP/1310 and TCP/1312.

Note

Zorp automatically enables the services required for the management of the host: zmsagent for Zorp hosts; zmsgui and zmsagent for ZMS hosts. It is recommended to allow SSH as well.
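An added example (not part of the Zorp documentation): a Python check that compares the sockets listening on a host with the local services permitted in the packet filter, using the ports from the list above. The `ss -H -tuln` sample and the `enabled` set (names of services whose Target is ACCEPT) are constructed assumptions.

```python
import ipaddress

# Ports copied from the list above; identreject opens no port, so it is left out.
LOCAL_SERVICES = {
    "ssh": {("tcp", 22)}, "smtp": {("tcp", 25)},
    "nagios-nrpe-server": {("tcp", 5666)}, "munin-node": {("tcp", 4949)},
    "ntp": {("udp", 123)}, "dns": {("udp", 53)}, "dns-zonetrans": {("tcp", 53)},
    "zmsgui": {("tcp", 1314)}, "zmsengine": {("tcp", 1311), ("tcp", 1313)},
    "zmsagent": {("tcp", 1310), ("tcp", 1312)},
}

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:22   0.0.0.0:*
tcp LISTEN 0 128 [::]:22      [::]:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:1310 0.0.0.0:*
tcp LISTEN 0 5   0.0.0.0:5666 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
udp UNCONN 0 0   0.0.0.0:123  0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, ip, port) for every tcp/udp socket line."""
    for fields in map(str.split, ss_output.splitlines()):
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]          # drop brackets, zone id
        for h in (["0.0.0.0", "::"] if host == "*" else [host]):
            yield fields[0], ipaddress.ip_address(h), int(port)

def audit(ss_output, enabled):
    """Compare listeners with the services whose Target is ACCEPT."""
    by_port = {pp: n for n, pps in LOCAL_SERVICES.items() for pp in pps}
    report, seen = {k: set() for k in ("not_enabled", "unlisted", "ipv6")}, set()
    for proto, ip, port in parse_listeners(ss_output):
        if ip.is_loopback:
            continue                                   # not reachable remotely
        if ip.version == 6:
            report["ipv6"].add((proto, port))          # local services are IPv4-only
        elif (name := by_port.get((proto, port))) is None:
            report["unlisted"].add((proto, port))      # not one of the listed services
        elif name not in enabled:
            report["not_enabled"].add(name)            # daemon up, service not ACCEPT
        else:
            seen.add((proto, port))
    report["no_listener"] = {n for n in enabled if not LOCAL_SERVICES.get(n, set()) <= seen}
    return report

print(audit(SAMPLE_SS, {"ssh", "zmsagent", "ntp"}))
```

In the sample, `zmsagent` lands in `no_listener` because only one of its two ports (TCP/1310) has a listener.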

Local services can be managed on the Services tab of the Packet filter ZMC component. For every local service, the Name, the Port (or ICMP type) used, the Protocol (TCP, UDP or ICMP), and the Target parameters are displayed. If the value of the Target parameter is ACCEPT, the local service is permitted; if the value is REJECT, it is denied. To enable access to a local service on a host, complete the following steps.