<font face="tahoma,sans-serif">You can allow traffic only between instances in the same security group by setting the "source" field to the ID of the security group.</font><div><font face="tahoma,sans-serif"><br>
</font></div><div><font face="tahoma,sans-serif"><a href="http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule">http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html#adding-security-group-rule</a><br>
</font><br><div class="gmail_quote">On Fri, Mar 16, 2012 at 18:25, John Stoner <span dir="ltr"><<a href="mailto:johnstoner2@gmail.com">johnstoner2@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>[Just a bit of context, some of this conversation happened off list--I'm trying to start a rabbitmq cluster on some firewalled EC2 instances, and Emile has been helping me identify all the details about ports and configuration and all that good stuff.]</div>
<div><br></div><div>We're looking to open fewer ports, not more. Is there a minimum we could do? Would one work, or would it break something else?<div><br></div><div>Also, we have these ports open to all TCP. In the spirit of securing our systems, I guess we could open 4369 only to the IPs of the other machines in the cluster. Is that a good idea? Can you think of more firewall restrictions to add?</div>
<div></div><div><div><div><div style="margin-top:5px;margin-right:0px;margin-bottom:5px;margin-left:0px"></div><div style="color:rgb(80,0,80)"><br><div class="gmail_quote">
On Fri, Mar 16, 2012 at 5:24 AM, Emile Joubert <span dir="ltr"><<a href="mailto:emile@rabbitmq.com" style="color:rgb(17,85,204)" target="_blank">emile@rabbitmq.com</a>></span> wrote:<div class="im"><br><blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Hi John,<br><div><br>On 16/03/12 05:41, John Stoner wrote:<br>> OK, I got it to start with a good config file. what's an appropriate<br>> range for these port numbers?<br><br></div>You are free to use any unused port range between 1024 and 65536.<br>
<font color="#888888"><br><br>-Emile<br><br></font></blockquote></div></div><br><br clear="all"></div></div></div></div></div><div class="HOEnZb"><div class="h5">-- <br>blogs:<br><a href="http://johnstoner.wordpress.com/" target="_blank">http://johnstoner.wordpress.com/</a><br>
'In knowledge is power; in wisdom, humility.' <br>
</div></div><br>_______________________________________________<br>
rabbitmq-discuss mailing list<br>
<a href="mailto:rabbitmq-discuss@lists.rabbitmq.com">rabbitmq-discuss@lists.rabbitmq.com</a><br>
<a href="https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss" target="_blank">https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss</a><br>
<br></blockquote></div><br></div>
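The approach discussed in this thread, as an added example that is not part of the original messages: a Python check that finds cluster ports open to any address in a security group description and builds ingress rules whose source is the group itself. Port 4369 comes from the thread; the range 9100-9105, the group id and the sample rules are constructed assumptions, and the dictionaries follow the shape of EC2 `describe_security_groups` output.

```python
# Added example (not from the thread). Port 4369 is the port named in the thread;
# 9100-9105 is an assumed stand-in for the range chosen in the node's config file.
CLUSTER_PORTS = [(4369, 4369), (9100, 9105)]
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}

def covers_cluster_port(rule):
    """True if an ingress rule's port span intersects any cluster port range."""
    if rule["IpProtocol"] == "-1":           # -1 = every protocol and port
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return any(rule["FromPort"] <= hi and rule["ToPort"] >= lo
               for lo, hi in CLUSTER_PORTS)

def world_open(group):
    """List (from_port, to_port, cidr) for cluster ports reachable from anywhere."""
    findings = []
    for rule in group["IpPermissions"]:
        if not covers_cluster_port(rule):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        findings += [(rule.get("FromPort"), rule.get("ToPort"), c)
                     for c in cidrs if c in ANY_ADDRESS]
    return findings

def self_referencing_rules(group_id):
    """Ingress rules whose source is the group itself, so only members connect."""
    return [{"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
             "UserIdGroupPairs": [{"GroupId": group_id}]}
            for lo, hi in CLUSTER_PORTS]

# Constructed sample, shaped like one entry of EC2 describe_security_groups output.
SAMPLE_GROUP = {
    "GroupId": "sg-00000000",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 4369, "ToPort": 4369,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in world_open(SAMPLE_GROUP):
        print("open to any address:", finding)
    # With boto3 the rules would be passed as IpPermissions to
    # authorize_security_group_ingress(GroupId=..., IpPermissions=...).
    print(self_referencing_rules(SAMPLE_GROUP["GroupId"]))
```

The broad 1024-65535 rule is reported because it contains the cluster ports, while the port 22 rule is ignored.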