Network settings
Learn about the necessary
Security group rules
The following inbound/outbound traffic must be allowed for
- SQL client connections to the database
- SSH access to all cluster nodes
- HTTPS access to the Administration API
- NTP
- DNS
Optional:
- LDAP
For information on how to configure Amazon EC2 security group rules, see Security group rules - Amazon Elastic Compute Cloud.
Default ports
This section describes the default ports used in Exasol for different protocols and services. Most protocols and database management systems can be manually configured to use other ports.
For restrictive or stateless network configurations additional ports may be required. See Additional ports.
Incoming ports
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 2580 | Database client | Database nodes |
Default BucketFS service You must assign a HTTP or HTTPS port for each BucketFS service that you create. |
| TCP | 4444 |
Customer network |
All nodes | HTTPS access to Administration API |
| TCP | 8443 | Customer network | Database nodes | HTTPS access to Exasol Admin server |
| TCP | 8563 | Database client | Database nodes | Exasol database client connection port |
| TCP | 20000 to 21000 | Database nodes (source) | Database nodes (target) | Data transfer between nodes |
| TCP | 20002 |
Customer network |
All nodes | Shell access to EXACluster Operating System (COS) on all nodes |
| TCP | 20003 |
Customer network |
All nodes | XML-RPC access to ConfD |
Outgoing ports
| Protocol | Port | Source | Destination | Description |
|---|---|---|---|---|
| TCP | 20 | Database nodes | FTP server |
FTP data port for IMPORT/EXPORT Additional ports are required for passive mode (see below) |
| TCP | 21 | Database nodes | FTP server | FTP control port for IMPORT/EXPORT |
| TCP | 990 | Database nodes | FTPS server | FTPS control port for IMPORT/EXPORT |
| TCP | 49152 to 65535 | Database nodes | FTP server | FTP/FTPS PASV mode data ports |
| TCP | 53 | All nodes | DNS server | DNS port |
| TCP | 80 | Database nodes | HTTP server | HTTP port for IMPORT/EXPORT |
| TCP | 123 | All nodes | NTP server | NTP port |
| TCP | 389 | All nodes | LDAP server | LDAP port |
| TCP | 443 | Database nodes | HTTPS server | HTTPS port for IMPORT/EXPORT |
| TCP | 636 | All nodes | LDAPS server | LDAPS port |
| TCP | 1433 | Database nodes | SQL Server database | SQL Server port (JDBC connection) |
| TCP | 1521 | Database nodes | Oracle database | Oracle server port (JDBC/ORA connection) |
| TCP | 3306 | Database nodes | MySQL database | MySQL server port (JDBC connection) |
| TCP | 5000 | Database nodes | Sybase ASE database | Sybase ASE server port (JDBC connection) |
| TCP | 5432 | Database nodes | PostgreSQL database | PostgreSQL server port (JDBC connection) |
| TCP | 8563 | Database nodes | Database client | Exasol database client connection port |
| TCP | 20000 to 21000 | Database nodes (source) | Database nodes (target) | Data transfer between nodes |
| TCP | 50000 | Database nodes | DB2 database | DB2 server port (JDBC connection) |
Additional ports
In environments with restrictive or stateless network controls, return traffic is not implicitly allowed. In such cases it may be necessary to allow the ephemeral port range configured on the operating system to ensure proper node-to-node communication.
Example: TCP 29152 to 65535 (depending on OS configuration)
This port range is:
- Not used directly by Exasol services
- Required for return traffic of internally initiated connections
If this range is not allowed, it may lead to:
- Unstable cluster communication
- Inter-node connection failures
