I have the following scenario: a master server where salt-master is installed and a minion server where salt-minion is installed. In between those two servers there is a Cisco ASA firewall.
The firewall admin told me he has opened both TCP ports 4505 and 4506 from the minion server ==> master server (only one direction).
Still, I have problems connecting to the master server. So here comes my question: is there a way to find out whether the TCP 4505 and 4506 ports are opened? Master and Slave servers do not have iptables installed.
I found the solution in the Salt troubleshooting docs: https://docs.saltstack.com/en/latest/topics/troubleshooting/minion.html
I'll summarize it here (xx.xx.xx.xx is the master IP):
(if port is not open):
root@minion ~ # nc -v -z xx.xx.xx.xx 4505
salt [xx.xx.xx.xx] 4505 (?) : Connection refused
root@minion ~ # nc -v -z xx.xx.xx.xx 4506
salt [xx.xx.xx.xx] 4506 (?) : Connection refused
(if port is open):
root@minion:~# nc -v -z xx.xx.xx.xx 4505
salt [xx.xx.xx.xx] 4505 (?) open
root@minion:~# nc -v -z xx.xx.xx.xx 4506
salt [xx.xx.xx.xx] 4506 (?) open
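The same check as a script, as an added example that is not part of the original answer or the Salt documentation. It is written in Python because a Salt minion already has an interpreter, and it goes beyond the `nc` output above by separating a refused connection (a reset came back) from a timeout (the SYN was dropped somewhere on the path). The function names, the `HINTS` texts and the 3-second timeout are assumptions made for this example.

```python
import errno
import socket
import sys

# Ports from the question: the salt-master publish and return ports.
SALT_PORTS = {4505: "publish", 4506: "return"}

# Hypothetical hint texts for this example; they describe general TCP behaviour.
HINTS = {
    "open": "TCP handshake completed, the path and the listener are fine",
    "refused": "a reset came back: no listener on the master, or a device rejecting with RST",
    "filtered": "no answer before the timeout: a device on the path is likely dropping the SYN",
    "unreachable": "no route to the master, check addressing and routing first",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # e.g. name resolution failure: surface it unchanged


def check_master(host, ports=SALT_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Run on the minion: python3 check_salt_ports.py <master-ip>
    master = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = check_master(master)
    for port, state in results.items():
        print(f"{master}:{port} ({SALT_PORTS[port]}): {state} - {HINTS[state]}")
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

Run it from the minion, since the firewall rule is one-directional (minion to master); the exit status is non-zero unless both ports are open.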