BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add TCP 9000+ dashboard ports to firewall config and documentation

Browse Source 
Each customer gets TCP 9000+ID (dashboard) and UDP 3478+ID (relay).
Updated install.sh firewall section, completion summary, and README.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sascha Lustenberger
2026-02-08 17:42:49 +01:00
parent 817cb7e9bb
commit af5bec8e77
2 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@@ -131,11 +131,18 @@ Per customer instance (5 containers): **~100 MB RAM**
| Port | Protocol | Purpose |
|------|----------|---------|
| 8000 | TCP | NetBird MSP Appliance Web UI |
| 3478+ | UDP | STUN/TURN relay (one per customer) |
| 9000+ | TCP | NetBird Web Management per customer (one per customer, increments by 1) |
| 3478+ | UDP | STUN/TURN relay per customer (one per customer, increments by 1) |
Example: Customer 1 = UDP 3478, Customer 2 = UDP 3479, ..., Customer 100 = UDP 3577.
Example for 3 customers:
**Your firewall must allow the UDP relay ports for NetBird to function!**
| Customer | Dashboard (TCP) | Relay (UDP) |
|----------|----------------|-------------|
| Kunde 1 | 9001 | 3478 |
| Kunde 2 | 9002 | 3479 |
| Kunde 3 | 9003 | 3480 |
**Your firewall must allow both the TCP dashboard ports and the UDP relay ports!**
---

16
install.sh
View File

@@ -432,24 +432,31 @@ clear
echo -e "${BLUE}${BOLD}[Step 9/10]${NC} ${BLUE}Firewall Configuration${NC}\n"
echo -e "${CYAN}The following firewall ports need to be opened:${NC}\n"
echo -e " ${YELLOW}TCP 8000${NC} - Web UI"
echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (100 ports for 100 customers)\n"
echo -e " ${YELLOW}TCP 8000${NC} - MSP Appliance Web UI"
echo -e " ${YELLOW}TCP 9001-9100${NC} - NetBird Web Management (one per customer, increments by 1)"
echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (one per customer, increments by 1)\n"
echo -e " ${CYAN}Example: Customer 1 = TCP 9001 + UDP 3478${NC}"
echo -e " ${CYAN} Customer 2 = TCP 9002 + UDP 3479${NC}"
echo -e " ${CYAN} ...${NC}\n"
if command -v ufw &> /dev/null; then
read -p "Configure firewall automatically with ufw? (yes/no): " CONFIG_FW
if [[ "$CONFIG_FW" =~ ^[Yy]([Ee][Ss])?$ ]]; then
ufw allow 8000/tcp comment "NetBird MSP Web UI"
ufw allow 9001:9100/tcp comment "NetBird Dashboard Ports"
ufw allow 3478:3577/udp comment "NetBird Relay Ports"
echo -e "${GREEN}✓ Firewall configured${NC}"
else
echo -e "${YELLOW}Please configure firewall manually:${NC}"
echo " sudo ufw allow 8000/tcp"
echo " sudo ufw allow 9001:9100/tcp"
echo " sudo ufw allow 3478:3577/udp"
fi
else
echo -e "${YELLOW}UFW not found. Please configure firewall manually:${NC}"
echo " - Allow TCP port 8000"
echo " - Allow UDP ports 3478-3577"
echo " - Allow TCP ports 9001-9100 (dashboard, +1 per customer)"
echo " - Allow UDP ports 3478-3577 (relay, +1 per customer)"
fi
echo ""
@@ -539,7 +546,8 @@ Network: $DOCKER_NETWORK
Ports:
------
Web UI: TCP 8000
Relay: UDP 3478-3577
Dashboard: TCP 9001-9100 (base 9000 + customer ID, one per customer)
Relay: UDP 3478-3577 (one per customer)
Images:
-------