On 2018-01-15 13:09, Tim Chown wrote:
Hi,
At https://atlas.ripe.net/about/faq/#so-which-services-do-i-need-for-my-probe-t...
it says
"The absolute minimum set is DHCP, DNS and outgoing TCP port 443 (HTTPS) in order to allow the probe to connect to the network. However, this in itself is not enough to do measurements, which is the entire focus of RIPE Atlas, so you should also allow ICMP, UDP (DNS + traceroute), TCP for traceroute and HTTP(S)."
What specific ports and protocols are required for routine operation and for inbound or outbound measurements to be configured? I think the above info could be a little more detailed (having had questions asked of me).
Many thanks, Tim
Hi, The more precise we try to be, the more wrong we'll end up being :-) but I'll try to be a bit more specific. For incoming traffic: the probes don't provide real accessible services, so incoming ICMP/ping and UDP/traceroute is probably enough (assuming the probe is otherwise not firewalled / NATed). For outgoing traffic: the more you allow, the more measurements will have a chance of succeeding. For example, if you only allow TCP/443 out, then measurements to other ports (like TCP/traceroute or TLS to non-443) will likely fail. Allowing outgoing DNS to any server is a must in order to be useful for non-local-resolver queries. And so on. We also have NTP since the writing of the above FAQ entry, and HTTP towards anchors. While the requirements (or, I should say, recommendations) don't change each day, they do evolve over time. Hope this helps! Robert