[Spice-devel] Spice required ports

David Jaša djasa at redhat.com
Thu Dec 1 09:50:28 PST 2011 

Richard Mann píše v Čt 01. 12. 2011 v 11:01 -0500:
> Just joined.  Not sure where to ask this question.  It relates to
> security and opening ports on a firewall through which the Spice
> clients and server would communicate.  I would like to know how many
> ports will need to be opened on a firewall to support the 6
> communications channels between the Spice clients and server.
> 
> Excerpt from Spice for Newbies PDF.
> --------------------------------------------------------
> 
> 2.3.2.1 Channels
> The client and server communicate via channels. Each channel type is
> dedicated to a specific type
> of data. Each channel uses a dedicated TCP socket......
> 
> The available channels are:
> o Main - implemented by RedClient (see above).
> o DisplayChannel - handles graphic commands, images and video streams.
> o InputsChannel - keyboard and mouse inputs.
> o CursorChannel - pointer device position, visibility and cursor
> shape.
> o PlaybackChannel - audio received from the server to be played by the
> client .
> o RecordChannel - audio captured on the client side.
> 
> --------------------------------------------------------
> 
> After looking at the Spice PDFs it appears to me that 6 ports would
> need to be opened although the default Spice server port appears to be
> 5930 (just one port and not six).
> 
> 
> I would like to know how many ports are required (listening) on the
> Spice server to handle all 6 channels (TCP sockets)?  I am assuming
> each channel (TCP socket) requires its own port on the Spice server.
> 
Hello Rich,

you only need one to two TCP port per VM opened on your firewall. The
source ports need to be unique for each channel, the destination port is
only one per VM (if all channels are open or encrypted), or two per VM
(with some channel encrypted, some not).

IOW, you need to enable port range on your firewall based on above facts
and your configuration (which ports you'll designate for spice traffic).

David

> 
> Thanks,
> Rich
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key:     22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

More information about the Spice-devel mailing list