Depends, really, on your firewall and what you want to accomplish. Your clients need to be able to initialize connections to the server's port 8140 (TCP). Your server needs to be able to reply from its TCP 8140 back to the client, but does not need to initiate connections. If you want to push changes out via puppetrun, you need to have the server able to initiate connections on the client's TCP 8139, and to have your clients reply to the server from their TCP 8139.
If you're looking at connection states, on iptables, you want:

    -s CLIENT -d SERVER -m state --state NEW,ESTABLISHED,RELATED -p TCP --dport 8140 -j ACCEPT
    -s SERVER -d CLIENT -m state --state ESTABLISHED,RELATED -p TCP --sport 8140 -j ACCEPT
    -s CLIENT -d SERVER -m state --state ESTABLISHED,RELATED -p TCP --sport 8139 -j ACCEPT
    -s SERVER -d CLIENT -m state --state NEW,ESTABLISHED,RELATED -p TCP --dport 8139 -j ACCEPT

Your version of iptables may have some variance to the above, but, that should get you pointed in the right direction.

Hope that helps a bit.

On Nov 19, 10:17 am, william pink <will.p...@gmail.com> wrote:
> On Thu, Nov 19, 2009 at 3:12 PM, JoE <joehil...@gmail.com> wrote:
> > I understand that puppet needs port 8140 tcp/udp open for server and
> > client.
> >
> > Will puppet work if a firewall is set up between these two hosts that
> > only allows traffic from the server to the client (server -> client),
> > or is two communication required?
> >
> > Thanks for the help,
> >
> > -JoE
>
> I am a new user to Puppet but I was going to tackle this issue with a SSH
> tunnel but it would be good to hear other people's thoughts on this..
>
> Thanks,
> Will
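Added example, not part of the original thread: a small Python model of the four stateful rules above, used to check which connection attempts pass, including the server-to-client-only policy from the original question. The Rule and Firewall classes, the SERVER_TO_CLIENT_ONLY policy and the source port 40000 are assumptions made for the illustration, and the model only approximates iptables state matching (RELATED is not modelled).

```python
# Simplified model of a stateful firewall between a Puppet client and server.
# It mimics iptables "-m state" matching for illustration; it is not iptables.
from typing import NamedTuple, Optional

CLIENT, SERVER = "CLIENT", "SERVER"  # placeholders, as in the rules above
NEW, EST = "NEW", "ESTABLISHED"

class Rule(NamedTuple):
    src: str
    dst: str
    states: set
    sport: Optional[int] = None
    dport: Optional[int] = None

PULL = [  # agent opens a connection to the master on TCP 8140
    Rule(CLIENT, SERVER, {NEW, EST}, dport=8140),
    Rule(SERVER, CLIENT, {EST}, sport=8140),
]
PUSH = [  # puppetrun: master opens a connection to the agent on TCP 8139
    Rule(SERVER, CLIENT, {NEW, EST}, dport=8139),
    Rule(CLIENT, SERVER, {EST}, sport=8139),
]
# Assumed reading of the question: only the server may open connections.
SERVER_TO_CLIENT_ONLY = [Rule(SERVER, CLIENT, {NEW, EST}), Rule(CLIENT, SERVER, {EST})]

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.tracked = set()  # flows whose packets have been accepted

    def accept(self, src, dst, sport, dport):
        """Classify one packet as NEW or ESTABLISHED and match it against the rules."""
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        state = EST if fwd in self.tracked or rev in self.tracked else NEW
        for r in self.rules:
            if (r.src == src and r.dst == dst and state in r.states
                    and r.sport in (None, sport) and r.dport in (None, dport)):
                self.tracked.add(fwd)
                return True
        return False  # default policy: DROP

    def connect(self, src, dst, dport, sport=40000):
        """True if both the opening packet and the reply pass the firewall."""
        return (self.accept(src, dst, sport, dport)
                and self.accept(dst, src, dport, sport))

if __name__ == "__main__":
    print("pull, PULL rules:", Firewall(PULL).connect(CLIENT, SERVER, 8140))
    print("pull, server->client only:",
          Firewall(SERVER_TO_CLIENT_ONLY).connect(CLIENT, SERVER, 8140))
```

In this model a packet from the server's port 8140 that does not belong to a tracked connection is dropped, which is what restricting that rule to ESTABLISHED,RELATED is for.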