Add TCP 9000+ dashboard ports to firewall config and documentation

Each customer gets TCP 9000+ID (dashboard) and UDP 3478+ID (relay).
Updated install.sh firewall section, completion summary, and README.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 17:42:49 +01:00
parent 817cb7e9bb
commit af5bec8e77
2 changed files with 23 additions and 8 deletions


@@ -131,11 +131,18 @@ Per customer instance (5 containers): **~100 MB RAM**
| Port | Protocol | Purpose | | Port | Protocol | Purpose |
|------|----------|---------| |------|----------|---------|
| 8000 | TCP | NetBird MSP Appliance Web UI | | 8000 | TCP | NetBird MSP Appliance Web UI |
| 3478+ | UDP | STUN/TURN relay (one per customer) | | 9000+ | TCP | NetBird Web Management per customer (one per customer, increments by 1) |
| 3478+ | UDP | STUN/TURN relay per customer (one per customer, increments by 1) |
Example: Customer 1 = UDP 3478, Customer 2 = UDP 3479, ..., Customer 100 = UDP 3577. Example for 3 customers:
**Your firewall must allow the UDP relay ports for NetBird to function!** | Customer | Dashboard (TCP) | Relay (UDP) |
|----------|----------------|-------------|
| Kunde 1 | 9001 | 3478 |
| Kunde 2 | 9002 | 3479 |
| Kunde 3 | 9003 | 3480 |
**Your firewall must allow both the TCP dashboard ports and the UDP relay ports!**
--- ---
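Review bot: The new "9000+" row and the example table disagree about where the dashboard range starts. The row reads as if the first port were 9000, but the example gives customer 1 TCP 9001, so port 9000 is never assigned, while the parallel "3478+" relay row does start at 3478 for customer 1. That makes the dashboard port base + ID and the relay port base + ID - 1, and the commit message's "UDP 3478+ID" would put customer 1 on 3479, which contradicts the table. Suggest labelling the row "9001+" or stating both formulas explicitly next to the table. The example rows also say "Kunde 1/2/3" in an otherwise English README; "Customer 1/2/3" would match the column header. Since the bold line now tells operators to open the dashboard ports as well, it would help to say who needs to reach them (any source, or only the customer's own networks) so the rule can be scoped accordingly.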


@@ -432,24 +432,31 @@ clear
echo -e "${BLUE}${BOLD}[Step 9/10]${NC} ${BLUE}Firewall Configuration${NC}\n" echo -e "${BLUE}${BOLD}[Step 9/10]${NC} ${BLUE}Firewall Configuration${NC}\n"
echo -e "${CYAN}The following firewall ports need to be opened:${NC}\n" echo -e "${CYAN}The following firewall ports need to be opened:${NC}\n"
echo -e " ${YELLOW}TCP 8000${NC} - Web UI" echo -e " ${YELLOW}TCP 8000${NC} - MSP Appliance Web UI"
echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (100 ports for 100 customers)\n" echo -e " ${YELLOW}TCP 9001-9100${NC} - NetBird Web Management (one per customer, increments by 1)"
echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (one per customer, increments by 1)\n"
echo -e " ${CYAN}Example: Customer 1 = TCP 9001 + UDP 3478${NC}"
echo -e " ${CYAN} Customer 2 = TCP 9002 + UDP 3479${NC}"
echo -e " ${CYAN} ...${NC}\n"
if command -v ufw &> /dev/null; then if command -v ufw &> /dev/null; then
read -p "Configure firewall automatically with ufw? (yes/no): " CONFIG_FW read -p "Configure firewall automatically with ufw? (yes/no): " CONFIG_FW
if [[ "$CONFIG_FW" =~ ^[Yy]([Ee][Ss])?$ ]]; then if [[ "$CONFIG_FW" =~ ^[Yy]([Ee][Ss])?$ ]]; then
ufw allow 8000/tcp comment "NetBird MSP Web UI" ufw allow 8000/tcp comment "NetBird MSP Web UI"
ufw allow 9001:9100/tcp comment "NetBird Dashboard Ports"
ufw allow 3478:3577/udp comment "NetBird Relay Ports" ufw allow 3478:3577/udp comment "NetBird Relay Ports"
echo -e "${GREEN}✓ Firewall configured${NC}" echo -e "${GREEN}✓ Firewall configured${NC}"
else else
echo -e "${YELLOW}Please configure firewall manually:${NC}" echo -e "${YELLOW}Please configure firewall manually:${NC}"
echo " sudo ufw allow 8000/tcp" echo " sudo ufw allow 8000/tcp"
echo " sudo ufw allow 9001:9100/tcp"
echo " sudo ufw allow 3478:3577/udp" echo " sudo ufw allow 3478:3577/udp"
fi fi
else else
echo -e "${YELLOW}UFW not found. Please configure firewall manually:${NC}" echo -e "${YELLOW}UFW not found. Please configure firewall manually:${NC}"
echo " - Allow TCP port 8000" echo " - Allow TCP port 8000"
echo " - Allow UDP ports 3478-3577" echo " - Allow TCP ports 9001-9100 (dashboard, +1 per customer)"
echo " - Allow UDP ports 3478-3577 (relay, +1 per customer)"
fi fi
echo "" echo ""
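Review bot: The added rule `ufw allow 9001:9100/tcp` in the automatic branch opens all 100 dashboard ports from any source at install time, before a single customer instance exists. These are web management interfaces, so the exposure is wider than the relay range that was already open. Consider adding the rule per customer when an instance is created (one `ufw allow <port>/tcp` for that customer's port), or at least asking for the expected number of customers and an optional allowed source range instead of hard-coding the full block. The same applies to the manual instructions in the two fallback branches, which currently tell the operator to open the whole 9001-9100 range without mentioning that it can be narrowed.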
@@ -539,7 +546,8 @@ Network: $DOCKER_NETWORK
Ports: Ports:
------ ------
Web UI: TCP 8000 Web UI: TCP 8000
Relay: UDP 3478-3577 Dashboard: TCP 9001-9100 (base 9000 + customer ID, one per customer)
Relay: UDP 3478-3577 (one per customer)
Images: Images:
------- -------
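Review bot: The summary line "Dashboard: TCP 9001-9100" repeats a range that is now written out literally in the README, the Step 9 echo lines, both ufw branches, and here. This block already interpolates `$DOCKER_NETWORK`, so the port bases and the customer limit could be shell variables defined once and expanded in every place; that keeps the printed summary, the ufw rules and the manual instructions from drifting apart if the limit of 100 changes. The dashboard line also states its formula ("base 9000 + customer ID") while the relay line only says "one per customer"; adding the relay formula would make the two lines symmetric and settle the offset question for readers.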