On 22.11.2009 09:58, Olivier wrote: > > 2009/11/20 zoniguana <rjustinwilli...@gmail.com > <mailto:rjustinwilli...@gmail.com>> > > Depends, really, on your firewall and what you want to accomplish. > Your clients need to be able to initialize connections to the server's > port 8140 (TCP). > Your server needs to be able to reply from its TCP 8140 back to the > client, but does not need to initiate connections. > If you want to push changes out via puppetrun, you need to have the > server able to initiate connections on the client's TCP 8139, and to > have your clients reply to the server from their TCP 8139. > > Hi, > > Does it mean it's not possible to tunnel both 8139 and 8140 > connections into an SSH connection ? > > regards > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=. Also take into account that the connection is already ssl encrypted (https protocol actually), and the connection is already pretty secure as it is (clients are authenticated by their certificate). You may consider changing the puppet default ports to 80 to bypass firewalls if that is an issue.
Silviu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
