Preparation of environment on UNIX-like systems (Linux, *BSD)
Checking that the required ports are open
Checking that outgoing traffic on ports 443 and 9000 is not filtered
To check for firewall filtering, follow the steps for the firewall software you are using:
iptables
Check for rules that block outgoing traffic on ports 443 and 9000.
To do this, please enter the following command into the terminal:
Please make sure that the output does not contain any DROP or REJECT rules.
The next step is to check the outgoing traffic policy in use.
To do this, please enter the following command into the terminal:
The expected output of the command should be as follows:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
firewalld
Check for rules that block outgoing traffic on ports 443 and 9000.
To do this, please enter the following command into the terminal:
The command output should not contain rules that include port="443" or port="9000", such as:
rule family="ipv4" destination port port="443" protocol="tcp" reject
rule family="ipv4" destination port port="9000" protocol="tcp" reject
ufw (Uncomplicated Firewall)
Check for rules that block outgoing traffic on ports 443 and 9000.
To do this, please enter the following command into the terminal:
Make sure there are no rules containing DENY OUT for ports 443 and 9000.
nftables
Check for rules that block outgoing traffic on ports 443 and 9000.
To do this, please enter the following command into the terminal:
Make sure that in the command output:
- There are no rules for filtering ports 443 and 9000.
- The policy for the output chain is set to accept (policy accept). Example:
chain output {
type filter hook output priority filter; policy accept;
}
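The four firewall checks above can be scripted. The following is an added example, not part of the original instructions or of the vendor's tooling: each function reads a firewall listing on standard input and fails when it finds the conditions this section tells you to look for. The function names and the commands named in the comments (iptables -L OUTPUT -n, firewall-cmd --list-rich-rules, ufw status, nft list ruleset) are assumptions.

```shell
#!/bin/sh
# Added example. Each function reads a firewall listing on stdin, prints the
# offending lines, and returns 0 if clean or 1 if outgoing 443/9000 is filtered.
# The commands named below are assumptions about how the listing is produced.

# iptables, e.g.: iptables -L OUTPUT -n | check_iptables
# Fails on any DROP/REJECT rule or on a chain policy other than ACCEPT.
check_iptables() {
    awk '/^Chain OUTPUT/ && !/policy ACCEPT/ { print; bad = 1 }
         /^(DROP|REJECT)[ \t]/               { print; bad = 1 }
         END { exit bad + 0 }'
}

# firewalld, e.g.: firewall-cmd --list-rich-rules | check_firewalld
check_firewalld() {
    ! grep -E 'port="(443|9000)"'
}

# ufw, e.g.: ufw status | check_ufw
check_ufw() {
    ! grep -E '^(443|9000)(/tcp)?[[:space:]].*(DENY|REJECT) OUT'
}

# nftables, e.g.: nft list ruleset | check_nft
# Only chains hooked to output are examined. Port ranges and named sets
# are not expanded here.
check_nft() {
    awk '/^[ \t]*chain / { hooked = 0 }
         /hook output/   { hooked = 1; if (!/policy accept/) { print; bad = 1 } }
         hooked && /dport/ && /(drop|reject)/ && /[^0-9](443|9000)[^0-9]/ { print; bad = 1 }
         END { exit bad + 0 }'
}

# Constructed sample input: an nftables ruleset that rejects outgoing port 9000.
SAMPLE_NFT='table inet filter {
	chain output {
		type filter hook output priority filter; policy accept;
		tcp dport 9000 reject
	}
}'
if printf '%s\n' "$SAMPLE_NFT" | check_nft; then
    echo "nftables sample: clean"
else
    echo "nftables sample: outgoing 443/9000 is filtered"
fi
```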
Checking the availability of port 8999 on the VM
Make sure port 8999 is not occupied by any process.
To do this, please enter the following command into the terminal:
The output of the specified command should be empty.
Checking the status of port 22 (SSH)
Please check that the SSH server is running and listening on port 22.
To do this, please enter the following command into the terminal:
Expected output of this command:
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
Disabling SELinux (if applicable)
Check whether SELinux is in use.
To do this, please enter the following command into the terminal:
If the specified command is not found, or if the command output shows:
SELinux status: disabled
then no further action is required.
If the command output looks like this:
SELinux status: enabled
temporarily disable enforcing mode by entering the following command in the terminal:
Please note that this change remains in effect only until the operating system is rebooted.
If the system has rebooted, you should enter the command again.
Preparing the environment on Windows
Creating firewall rules for the required ports (443, 9000, 8999)
To allow both inbound and outbound traffic to ports 443, 9000, and 8999, create two rules: one for Inbound traffic and one for Outbound traffic.
Creating combined rules (Inbound and Outbound):
- Open Windows Defender Firewall with Advanced Security.
- Create a new rule:
- Rule type: Port.
- Protocol: TCP.
- Ports: 443, 9000, 8999.
- Action: Allow the connection.
- Apply to all profiles: Domain, Private, Public.
Rule for Inbound traffic:
- Rule name: MIND Migrate - Allow Inbound Ports 443, 9000, 8999.
- Type: Inbound.
- Make sure the rule is active.
Rule for Outbound traffic:
- Rule name: MIND Migrate - Allow Outbound Ports 443, 9000, 8999.
- Type: Outbound.
- Make sure the rule is active.
Checking that port 445 (SMB) is open:
Activating the existing rules for port 445 (SMB)
- Open Windows Defender Firewall with Advanced Security.
- Go to the Inbound Rules and Outbound Rules sections.
- Find the rules "File and Printer Sharing (SMB-In)" and "File and Printer Sharing (SMB-Out)".
- Make sure both are Enabled.
- If any of the rules are disabled, right-click on it and click Enable Rule.
Checking the availability of port 8999 on localhost
Open PowerShell and run the command:
The output should be empty.