How to configure iptables to allow proper function of Privilege Manager for Unix on a server? How are ephemeral ports handled?
Description
How to configure iptables to allow proper function of Privilege Manager for Unix on a server? How are ephemeral ports handled?
Resolution
Privilege Manager uses a single port number for each of the main pmmasterd and pmlocald connections, as defined by the masterport and localport settings in the pm.settings file.
The only ephemeral ports that need to be configured in iptables are for the pmlocald->pmrun connection, which is used when the runhost is not the submit host (e.g. when using pmrun -h for remote execution).
See the Privilege Manager for Unix Port Usage diagram - https://support.oneidentity.com/technical-documents/privilege-manager-for-unix/6.0/administrators-guide/44
The non-reserve port range used for this connection is between 1024 and 31024 by default, but can be specified using the setnonreserveportrange setting.
See https://support.oneidentity.com/technical-documents/privilege-manager-for-unix/6.0/administrators-guide/88#TOPIC-75827.
Please note that this setting needs to be the same on all Privilege Manager hosts.
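
The script below is an added example, not One Identity's code and not part of the original article. It reads masterport, localport and setnonreserveportrange from a settings file and prints the matching iptables rules without applying them. It assumes one whitespace-separated "name value" setting per line, with the range written as two numbers; the optional source argument and the sample port values are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables INPUT rules derived from pm.settings.
# Assumption: one "name value..." setting per line; range written as "min max".

# pm_setting FILE NAME -> value(s) of the last line whose first field is NAME
pm_setting() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pm_iptables_rules FILE [SOURCE_CIDR]
# SOURCE_CIDR (hypothetical parameter) limits the wide range rule to the runhosts.
pm_iptables_rules() {
    master=$(pm_setting "$1" masterport)
    local_=$(pm_setting "$1" localport)
    range=$(pm_setting "$1" setnonreserveportrange)
    # Default from the article when the setting is absent
    [ -n "$range" ] || range="1024 31024"
    lo=${range%% *}; hi=${range##* }
    for p in "$master" "$local_" "$lo" "$hi"; do
        valid_port "$p" || { echo "invalid or missing port: '$p'" >&2; return 1; }
    done
    [ "$lo" -le "$hi" ] || { echo "range minimum exceeds maximum" >&2; return 1; }
    src="${2:+-s $2 }"
    echo "# masterport (pmmasterd)"
    echo "iptables -A INPUT -p tcp --dport $master -j ACCEPT"
    echo "# localport (pmlocald)"
    echo "iptables -A INPUT -p tcp --dport $local_ -j ACCEPT"
    echo "# non-reserve range (pmlocald->pmrun, used with pmrun -h)"
    echo "iptables -A INPUT -p tcp ${src}--dport ${lo}:${hi} -j ACCEPT"
}

# Constructed sample settings, not taken from a real host
sample=$(mktemp)
printf '%s\n' 'masterport 12345' 'localport 12346' \
    'setnonreserveportrange 30000 31024' > "$sample"
pm_iptables_rules "$sample" 192.0.2.0/24
rm -f "$sample"
```

Apply each printed rule only on the host that accepts that connection, as shown in the Port Usage diagram, and narrow setnonreserveportrange so that the range rule opens as few ports as possible.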