Firewall and address translation
Components can be installed behind a firewall, but specific traffic flows must be allowed.
Traffic must be allowed to flow freely between all clients and all servers on ports 1500 and 2500/2551 with SSL.
The Web server or reverse proxy must have a port open for incoming connections (typically ports 80, 443, 8080, or 8443).
Support for address translation
- Port forwarding (from a public IP address to a private address)
- Tunneling with address translation (for example, using ssh tunnel).
Communication between TEXTML Server and CCMS Web Server also does not support IP or port translation. But IP address and port translation is supported between the web browsers of end users and the CCMS Web Server by using a reverse-proxy server.
Requirements for the firewall
Each of the IXIASOFT CCMS components has different requirements for setting up the firewall:
| CCMS component | Installation requirement | Open ports |
|---|---|---|
| TEXTML Server | The IP address of the TEXTML Server must be reachable from the client without address translation. | Port 2500 or 2551 with SSL to the TEXTML Server |
| CCMS Output Generator | The IP address of the CCMS Output Generator must be reachable from the client without address translation. | Port 1500 to the CCMS Output Generator Port 1501 from the CCMS Output Generator to the CCMS Desktop, if enabled |
| CCMS Web | You can install the CCMS Web Server either with or without port translation (NAT, PAT). | The port from the CCMS Web client to the CCMS Web application |
| CCMS Scheduler | No requirements: a client never accesses the CCMS Scheduler. | None |
| CCMS Desktop | The CCMS Desktop supports direct connection or connection through masquerading on the client side (such as through a home rooter). |
All outgoing connections from the client are either sent directly to the TEXTML Server (in direct connection) or automatically translated (by masquerading on the client side), but you must deactivate the incoming connection from the CCMS Output Generator. This is done through the CCMS Desktop preferences, by setting the CCMS Output Generator Monitoring Port to 0. |