Getting Data In

8089 Already Bound on new Universal Forwarders and a Legacy Deployment Server. Can I use IPtables?

DazzedNConfused
New Member

Simply put, I have a group of about 700 Linux Boxes that I have used Deployment Server with for over a year. Works great. I recently was trying to add another group of 8 new servers by installing the Universal Forwarder and wanted to manage with my legacy Deployment Server. I know I can change 8089 to anything I want on both sides, but can the Deployment Server comm over two separate ports 8089 and, let's say, 8099? I know you can change 8089 in the web.conf, but can you configure one ServerClass to comm over 8089 and another to comm over 8099?

Already tried to "strong arm" the group that owns the 8 servers. Told them that our requirement is to have 8089 free, and that they need to make it happen first. Bosses talked to Bosses and I got chewed out. No worries, I've been chewed out before. I also know I can change my legacy DS to comm over 8099 and config all my other 700 servers to accommodate these 8, but that is less than ideal. I also don't want a completely separate DS for these 8 servers.

Can I use IPTables at my legacy DS to map anything over 8099 to 8089? Will this hose the existing 700 Boxes listening over 8089? Also, if this is a viable solution accepted by you, the community of SMEs, please understand I am not a Linux Admin by any stretch, but I am sure I can hack the settings. However, if someone can help me with the commands, I'd be grateful. Here is what Google is telling me:

iptables -A INPUT -i eth0 -p tcp --dport 8099 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8099 -j REDIRECT --to-port 8080

Should work. Thanks Dazzed

0 Karma

acharlieh
Influencer

Now I don't personally use deployment server, but I think the connection arrow is actually the other direction. This doc talks about this mechanism but I'm pretty certain that the process is that the Deployment Client (forwarder) connects to the Deployment Server periodically to register and check for changes. (As opposed to the Deployment Server creating connections to the forwarders).

As a result, the port the forwarder listens on doesn't matter too much (unless you're configuring this port with apps you're pushing out, or if you have a need to remotely invoke things on the forwarder's APIs yourself), but those are a different story than the normal operation of the Deployment Server.

0 Karma

DazzedNConfused
New Member

Appreciate the response.

At the Application Layer, sure. I do understand that the forwarder connects to the DS to look for changes, but lower in the stack, they communicate over established ports, any established port. My question is:

A: Because the default port 8089 is already bound on my 8 new servers, can the DS establish communications with the forwarder over 2 different ports? 8089 and a new ServerClass talking over 8099
B: If not, can I use IPTables to port forward on the DS?

0 Karma

acharlieh
Influencer

But that's the crux of the thing: The DS is not establishing communications. The forwarder (Client) is responsible for establishing the connection to the known port on the DS. The port that the forwarder listens on for its API does not matter, and more than likely, the port that the forwarder will use to initiate that connection should be random (just like how your web browser uses random ports to make connections to web servers on port 80 or 443 when you use HTTP/HTTPS on default ports).

Just like a Web Site, the DS listens on a well defined port, and the forwarders connect to that well defined port.

0 Karma
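
The forwarder-side settings implied by the answers above, as an added example that is not part of the original thread: the 8 new hosts move their own management listener off 8089 and keep polling the Deployment Server on its existing port, so nothing changes on the DS or the other 700 clients. The hostname `ds.example.com` is a placeholder, 8099 is the alternative port named in the question, and binding the listener to loopback is an added assumption to keep the forwarder's REST API off the network.

```ini
# ---- On each of the 8 new forwarders ----

# File: $SPLUNK_HOME/etc/system/local/web.conf
# The forwarder's own management (REST) listener. Port 8089 is already held
# by another service on these hosts, so move it to 8099. Binding to
# 127.0.0.1 (assumption) means only local tools can reach the API.
[settings]
mgmtHostPort = 127.0.0.1:8099

# File: $SPLUNK_HOME/etc/system/local/deploymentclient.conf
# The client dials OUT from an ephemeral source port to the port the
# Deployment Server listens on. That destination stays 8089.
# ds.example.com is a placeholder hostname.
[deployment-client]

[target-broker:deploymentServer]
targetUri = ds.example.com:8089
```

Restart the forwarder after editing. No iptables redirect is needed on the Deployment Server, and any app pushed to these 8 hosts must not reset `mgmtHostPort` back to 8089.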