Last Updated: 15/04/2025
Controlling firewall settings is essential so that the Gateway can reliably reach the cloud services it depends on for real-time data, updates, and remote monitoring. Without proper configuration, a firewall can block required outbound connections, causing disruptions or limited functionality. Restricting egress to the destinations listed below also balances security and performance: only trusted communication is allowed, and unauthorized access is prevented.
Production
The production cluster uses the following addresses:
URL: wss://prod.flexecharge.com
IP: 51.107.187.139 (as of 14-03-25, subject to change; prefer resolving the IP from the domain name)
Ports: 80, 443
Protocols: http, https, ws, wss
Transport protocol: TCP
All traffic from our servers will appear to come from IP 51.107.187.140.
Gateway
The gateway must be able to contact a variety of services, such as Tailscale, NTP, Docker, GitLab, etc.
Allow outbound connections via the protocols and ports listed below.
OpenVPN
78.47.174.220 is the OpenVPN server, which must be reachable by gateways that use the OpenVPN VPN.
Tailscale
Based on Tailscale's "Firewall Ports and Hostnames" documentation.
Ideally:
- TCP - Initiate connections to *:443
- UDP - Initiate connections from port 41641 to *:*
- UDP - Initiate connections to *:3478
If these rules are too open, you can instead allow connections only to the following addresses:
- login.tailscale.com
- controlplane.tailscale.com
- log.tailscale.com
- log.tailscale.io
For the DERP servers:
- derp1-all.tailscale.com
- derp2-all.tailscale.com
- ...
- derp25-all.tailscale.com
NTP
- UDP - Initiate connections to *:123
DNS
- 1.1.1.1
- 8.8.8.8
Flexecharge
- TCP - Initiate connections to portainer.flexecharge.com:80,443
- TCP - Initiate connections to edge.flexecharge.com:80,443
- TCP - Initiate connections to registry.gitlab.com:80,443
- TCP - Initiate connections to hub.docker.com:80,443
- TCP - Initiate connections to registry-1.docker.io:80,443
- TCP - Initiate connections to production.cloudflare.docker.com:80,443
- TCP - Initiate connections to a1byb37bg49qaf-ats.iot.eu-central-1.amazonaws.com:8883
Destination IP/DNS | Communication Protocol - Port (Application Protocol)
--- | ---
login.tailscale.com | TCP 443 (HTTPS)
controlplane.tailscale.com | TCP 443 (HTTPS)
log.tailscale.com | TCP 443 (HTTPS)
log.tailscale.io | TCP 443 (HTTPS)
derp1-all.tailscale.com | UDP 41641 (WireGuard), UDP 3478 (STUN)
derp2-all.tailscale.com | UDP 41641 (WireGuard), UDP 3478 (STUN)
... | UDP 41641 (WireGuard), UDP 3478 (STUN)
derp25-all.tailscale.com | UDP 41641 (WireGuard), UDP 3478 (STUN)
78.47.174.220 | TCP 443 (OpenVPN), UDP 1194 (OpenVPN)
1.1.1.1 | UDP 53 (DNS)
8.8.8.8 | UDP 53 (DNS)
portainer.flexecharge.com | TCP 443 (HTTPS), TCP 80 (HTTP)
edge.flexecharge.com | TCP 443 (HTTPS+WSS), TCP 80 (HTTP+WS)
registry.gitlab.com | TCP 443 (HTTPS), TCP 80 (HTTP)
hub.docker.com | TCP 443 (HTTPS), TCP 80 (HTTP)
registry-1.docker.io | TCP 443 (HTTPS), TCP 80 (HTTP)
production.cloudflare.docker.com | TCP 443 (HTTPS), TCP 80 (HTTP)
a1byb37bg49qaf-ats.iot.eu-central-1.amazonaws.com | TCP 8883 (WS+WSS)
pool.ntp.org | UDP 123 (NTP)
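The table above can be turned into a default-drop egress ruleset on a Linux gateway. The script below is an added example, not Flexecharge's own tooling; it assumes nftables is installed, that the uplink interface is named in WAN (default eth0), and it resolves hostnames at run time so that no IP the page marks as "subject to change" is hard-coded.

```shell
#!/bin/sh
# Added example, not Flexecharge's tooling: build an nftables egress allowlist
# from the destination table on this page. Assumes nft is installed and the
# uplink is $WAN (default eth0). Names are resolved now, so re-run on a schedule.
set -u; WAN=${WAN:-eth0}
# host, transport, destination port(s); transcribed from the table above.
ALLOWLIST='
login.tailscale.com tcp 443
controlplane.tailscale.com tcp 443
log.tailscale.com tcp 443
log.tailscale.io tcp 443
78.47.174.220 tcp 443
78.47.174.220 udp 1194
1.1.1.1 udp 53
8.8.8.8 udp 53
portainer.flexecharge.com tcp 80,443
edge.flexecharge.com tcp 80,443
registry.gitlab.com tcp 80,443
hub.docker.com tcp 80,443
registry-1.docker.io tcp 80,443
production.cloudflare.docker.com tcp 80,443
a1byb37bg49qaf-ats.iot.eu-central-1.amazonaws.com tcp 8883
pool.ntp.org udp 123
'
# One accept rule per address: IP literals as given, names via getent; an unresolvable name is reported.
rule_for() {
  host=$1 proto=$2 ports=$3
  case $host in
    *[!0-9.]*) addrs=$(getent ahostsv4 "$host" | awk '{print $1}' | sort -u) ;;
    *)         addrs=$host ;;
  esac
  [ -n "$addrs" ] || { echo "# WARNING: could not resolve $host" >&2; return 1; }
  for a in $addrs; do
    printf 'add rule inet egress out oifname "%s" ip daddr %s %s dport { %s } accept\n' "$WAN" "$a" "$proto" "$ports"
  done
}
# Whole ruleset: drop by default, allow loopback and replies, the Tailscale WireGuard
# source port (UDP 41641 to any peer) and STUN (UDP 3478), then the allowlist.
ruleset() {
  echo 'add table inet egress'
  echo 'add chain inet egress out { type filter hook output priority 0; policy drop; }'
  echo 'add rule inet egress out oifname "lo" accept'
  echo 'add rule inet egress out ct state established,related accept'
  echo "add rule inet egress out oifname \"$WAN\" udp sport 41641 accept"
  echo "add rule inet egress out oifname \"$WAN\" udp dport 3478 accept"
  echo "$ALLOWLIST" | while read -r host proto ports; do
    [ -n "$host" ] && { rule_for "$host" "$proto" "$ports" || :; }
  done
}
case ${1:-} in --print) ruleset ;; esac
```

Review the generated rules before loading them with `./egress.sh --print | nft -f -`; a warning on stderr means a name did not resolve and that destination would be silently blocked until the script is re-run.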