Ports needed to communicate with verdin-am62 board through Torizon IDE extension

Hey all! I’m attempting to use iptables as a means of a firewall for my verdin-am62 board. I currently have a service up and running that is allowing specific ports, but after running this service, it seems I can no longer reach my board through the Torizon IDE. I can, however, use PuTTY to SSH into the board, and I can reach my hosted webapp.

What incoming/outgoing ports do I need to allow for connection to my board via the vscode extension?

Thanks!

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!



Hello,

To ensure connectivity between your Verdin AM62 board and the Torizon IDE extension in Visual Studio Code, you need to allow specific ports that are used for various communication and debugging purposes. Here are the essential ports to keep open:

  1. SSH (Secure Shell): Port 22 is used for SSH connections, which is likely why you can still access your board using PuTTY.

  2. HTTP/HTTPS: For web applications, ports 80 (HTTP) and 443 (HTTPS) are commonly used. Since you mentioned being able to reach your hosted webapp, these ports seem to be open.

  3. Visual Studio Code Server: The Torizon IDE extension may use different ports for its services, including the VS Code Server and extensions. It typically communicates over port 5000 for the server. However, this can vary, and you might need to check the specific ports the Torizon IDE extension uses for its operations.

  4. Docker Daemon: The Torizon IDE extension uses Docker for container management. The Docker daemon usually communicates through a Unix socket, but if configured for TCP, it defaults to port 2375 (unencrypted) or 2376 (encrypted).

  5. Other Services: If your development involves other services like databases, message brokers, or custom applications, you’ll need to allow their respective ports as well.

Since the exact ports can depend on your configuration and the services you are using, a good approach is to check the documentation of the Torizon IDE extension and any other services you have running on your Verdin AM62 board. Additionally, monitoring the network traffic to see which ports are being blocked when you try to connect through the Torizon IDE can help identify any additional ports that need to be opened.

Remember, when configuring iptables or any firewall, it’s crucial to balance security and functionality, ensuring that only necessary ports are open to minimize potential vulnerabilities.

Best regards, Toradex AI Assistant


Greetings @jeatontenney,

The exact answer here depends a little. Different projects/templates in our IDE extension use different port numbers. The most straightforward way to get the ports relevant to your use-case would be to create the project you want, then look at the project’s settings.json file.

For example, if I create a project using the “Python 3 Console” template, then the default settings.json file would look something like this:

{
  "torizon_psswd": "",
  "torizon_login": "",
  "torizon_ip": "",
  "torizon_ssh_port": "",
  "host_ip": "",
  "torizon_workspace": "${workspaceFolder}",
  "torizon_debug_port": "6512",
  "torizon_debug_ssh_port": "6502",
  "torizon_debug_port2": "",
  "torizon_debug_port3": "",
  "torizon_gpu": "",
  "torizon_arch": "",
  "wait_sync": "1",
  "torizon_run_as": "torizon",
  "torizon_app_root": "/home/torizon/app",
  "tcb.packageName": "test",
  "tcb.version": "3.8.1",
  "torizon.gpuPrefixRC": false
}

So for this project you can see it’s going to use port 6512 for the debugger tool. Also, it will use port 6502 for SSH purposes. Now, you can modify the port numbers in settings.json if you want; these numbers are just the defaults.

One final thing that is common for all projects: the Toradex device will try to access port 5002 on your development PC in order to fetch container images from your machine to the board. You will probably also want to take this into account. Port 2375 is also used for Docker API purposes.

There’s also this file from the templates repository: vscode-torizon-templates/templates.json at dev · toradex/vscode-torizon-templates · GitHub

This also lists on a per-template basis what ports are going to be used by default (excluding 2375 and 5002).

I believe that’s all/most of the ports you would need to care about.

Best Regards,
Jeremias

Hey there! I figured out what my issue was, and it was actually unrelated to the port numbers. In using iptables, I was dropping all unrelated traffic at the end of my rule set, but I was forgetting to allow ICMP. This was the reason I could go to my webapp hosted on the board, but I couldn’t ping the IP address of the board, nor connect to it with the VS Code IDE extension.

Here were the commands listed in a startup script I wrote that fixed my issues:

# Allow ICMP traffic (ping and other ICMP types)
sudo iptables -A INPUT -p icmp -j ACCEPT
sudo iptables -A OUTPUT -p icmp -j ACCEPT

I did take your advice and allow most of the ports you mentioned to prevent future issues for myself, thanks for sharing that information.

Hope this thread can help others trying to set up their firewall.
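An added example, not part of any post in this thread: a script that reads the port settings out of a project's settings.json and prints (does not apply) a rule set in which ICMP is accepted before the final DROP. The development PC address 192.0.2.10, the function names, and treating 22 and 2375 as inbound ports on the board are assumptions.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules for a Torizon IDE board.
# Constructed sample of a project's settings.json, using the thread's defaults.
sample_settings() {
cat <<'EOF'
{
  "torizon_ssh_port": "",
  "torizon_debug_port": "6512",
  "torizon_debug_ssh_port": "6502",
  "torizon_debug_port2": "",
  "torizon_debug_port3": ""
}
EOF
}

# Read settings.json on stdin; print each non-empty numeric torizon_*port* value.
ide_ports() {
  sed -n 's/^[[:space:]]*"torizon_[a-z_]*port[0-9]*"[[:space:]]*:[[:space:]]*"\([0-9][0-9]*\)".*/\1/p'
}

# $1 = development PC address (assumption), $2 = extra inbound TCP ports.
# settings.json is read from stdin.
emit_rules() {
  dev_pc=$1; extra=$2
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # The thread's fix: ICMP has to be accepted before the catch-all DROP.
  echo "iptables -A INPUT -p icmp -j ACCEPT"
  echo "iptables -A OUTPUT -p icmp -j ACCEPT"
  # Debug and management ports are limited to the development PC only.
  for p in $extra $(ide_ports); do
    echo "iptables -A INPUT -p tcp -s $dev_pc --dport $p -j ACCEPT"
  done
  # The board fetches container images from port 5002 on the development PC.
  # OUTPUT rules only matter when the OUTPUT chain is filtered as well.
  echo "iptables -A OUTPUT -p tcp -d $dev_pc --dport 5002 -j ACCEPT"
  echo "iptables -A INPUT -j DROP"
}

# 22 (SSH) and 2375 (Docker API) are assumed to be inbound on the board.
sample_settings | emit_rules 192.0.2.10 "22 2375"
```

Ports that must stay reachable from other hosts, such as the hosted webapp, need their own ACCEPT rules before the final DROP.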

Perfect! Glad you were able to overcome your issue. Thank you for sharing your findings; it could be helpful to others.

Best Regards,
Jeremias
