Introduction
This document covers some of the bassic issues in FRP network configuration. It is especially useful in a simple environment of a LAN and perhaps a few remote servers and will get you started quickly. For a more thorough treatment of configuration, and for more complex network scenarios, please see FRP Advanced Network Configuration
Automatic Discovery
The management server will automatically discover all other replication servers (running FRP) residing on the same LAN segment. If you are installing all servers on the same LAN (subnet), this is sufficient except in the case of Windows 7, for Windows 7 UDP ports are closed by default. You will need to create rules to open UDP port 9110 if you want autodiscovery to work with Windows 7 machines.
Note: Auto-discovery requires port 9110 to be open for UDP multicast on the management server and open for response on the replication servers. For most firewalls this is open by default.
Open Ports
FRP replication servers communicate over port 9200 for file replication. They also communicate over port 9100 to the management server. These ports are configurable via the FRP properties file.
Addressability
Unless all your servers are on the same LAN segment, you will need to configure the servers to communicate over the network. Commonly, NAT firewalls and/or routers are found between source and destination servers. Ports 9100 and 9200 will have to be opened and forwarded (or tunneled) to their respective destinations.
you must make sure that:
- All replication servers can address the management server, i.e. the management server has an external (static) ip-address and can be reached from each and every replication server on ports 9100 and 9200.
- Every two replication servers that are going to exchange data, must be able to address each other and communicate over port 9200 (port 9100 is not required)
Procedure
Step 1: Internal Firewall setup
If your server runs an internal firewall (e.g. Windows Firewall), open TCP ports 9100 and 9200. On advanced firewalls you will need to specify both incoming and outgoing traffic. In Windows, you can use the Netsh command line utility, or you can use the appropriate batch file below on windows machines. Just download and rename the file (remove the unsafe extension) to the bat file and run it as Administrator to modify your windows firewall.
FRP also uses port UDP 9110 for auto discovery multicasts inside the LAN. UDP ports are open by default on most internal firewalls, however some advanced firewalls require the port be opened by the user.
These batch files can be found in the /utils folder of the installation or below, these batch files must be run as an Administrator.
OpenPortsVista-2008-Win7.bat.unsafe
Step 2: Firewall/Router setup
If the FRP server is behind a firewall, the firewall must have a static IP address. Open TCP ports 9100* and 9200 on this server and forward them to the FRP server. Repeat for every FRP management or replication server that needs to be reached through a firewall.
If all your servers are on the same LAN segment, this step is not required.
*Note: in restrictive environments, for computers that host only a replication server (with no management server), you may open port 9100 for outgoing traffic only.
Step 3: FRP setup:
The management server maintains a list of all replication servers in your network. If the management server has not picked up (auto-discovered) one of your servers, because it is in a remote location behind a firewall, you will have to enter that server manually.
- Click the Add Server button within the Server Overview tab in the management console.
- Enter the correct host name of the FRP server and the IP address of the firewall that is “in front” of the server in the remote location.
- Repeat for all remote servers.
After these steps are followed, use the FRP Net utility to verify connectivity.