Scott's picture

Simple question I think - and I can't find the answer - would be good to have it on the FAQs on documented somewhere... anyway....


What ports need to be open to allow backup to the tkl hub?  And is there a range of IP addresses that could be specified to further limit the access?  Obviously important if you want to backup/restore from behind a reasonably well controlled firewall.


Any help appreciated, Scott.

Liraz Siri's picture

You don't need any inbound ports to use TKLBAM, but you do need to allow web access to the Hub and to Amazon Web Services. If you open up outgoing ports 80 (http) and 443 (https) you'll be fine. TKLBAM communicates with the Hub using a vanilla REST web API over SSL. Amazon Web Services also uses a REST web API.

As for the IP ranges, you can look up the current values in the DNS, but alas there's no guarantee that they will stay the same.

BTW, one of my favorite ways of figuring out what sort of network traffic is going out of my system is the iptraf tool:

apt-get install iptraf
Scott's picture


Jeremy Davis's picture

Why do you ask?

Rick's picture

I just installed a firewall and had to open up access to port 123 for TKLBAM to be able to reach the NTP server before it runs it's other processes.  I actually made a bypass rule, but I probably could have just made a standard firewall rule instead.

Jeremy Davis's picture

Good point! That makes sense. :)

Add new comment