ROS2 behind a firewall

Hey,
which ports/services do I have to allow if I want to operate ROS2 on a system with an active firewall?

Lennart

The canonical explanation is deeply buried in the RTPS spec (aka “DDS
Interoperability Protocol”), section 9.6.1:
http://www.omg.org/spec/DDSI-RTPS/2.2/PDF/

Four UDP ports are needed. The port numbers are a function of the DDS/RTPS
domain ID, which in ROS 2 is populated with the ROS_DOMAIN_ID environment
variable and defaults to zero.

The expressions and magic numbers are on pages 190-191 of the PDF (document
page numbers 178-179).

Best regards,
Morgan

2 Likes

I’ve seen this page by RTI which might be useful: https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through

It has a spreadsheet for calculating the ports used by RTI Connext (one of the supported ROS 2 middleware implementations) which might also apply to other vendors. I haven’t used it myself.

Morgan mentioned the domain ID - note that the participant ID that’s used in these equations isn’t currently exposed/set by ROS 2, but it may be set by vendor-specific config files.
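The port calculation from section 9.6.1 of the RTPS spec, as an added example that is not part of the original posts. The constants are the spec's default values (vendor configuration can override them), and `firewall_ports` with its `max_participants` parameter is a hypothetical helper that assumes participant IDs are assigned from 0 upward.

```python
"""RTPS well-known UDP ports (DDSI-RTPS 2.2, section 9.6.1) for firewall rules."""
import os

# Spec default constants; assumed unchanged by any vendor-specific config file.
PB, DG, PG = 7400, 250, 2        # port base, domain ID gain, participant ID gain
D0, D1, D2, D3 = 0, 10, 1, 11    # offsets for the four port kinds


def rtps_ports(domain_id: int, participant_id: int) -> dict:
    """Return the four UDP ports used by one participant in one domain."""
    if domain_id < 0 or participant_id < 0:
        raise ValueError("domain and participant IDs must be non-negative")
    base = PB + DG * domain_id
    ports = {
        "discovery_multicast": base + D0,
        "discovery_unicast": base + D1 + PG * participant_id,
        "user_multicast": base + D2,
        "user_unicast": base + D3 + PG * participant_id,
    }
    if max(ports.values()) > 65535:
        raise ValueError("IDs too large: computed port exceeds 65535")
    return ports


def firewall_ports(domain_id: int, max_participants: int) -> list:
    """Sorted UDP ports to allow for participant IDs 0..max_participants-1.

    Hypothetical helper: the two multicast ports are shared by the whole
    domain, while each participant adds its own pair of unicast ports.
    """
    allowed = set()
    for pid in range(max_participants):
        allowed.update(rtps_ports(domain_id, pid).values())
    return sorted(allowed)


if __name__ == "__main__":
    # ROS 2 takes the domain ID from ROS_DOMAIN_ID and defaults to zero.
    domain = int(os.environ.get("ROS_DOMAIN_ID", "0"))
    for port in firewall_ports(domain, max_participants=4):
        print(f"{port}/udp")
```

Allowing only the ports for the domain ID and participant count actually in use keeps the firewall opening narrower than a blanket UDP range.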

What ports did you end up opening? And did it solve the issue? I am using OpenVPN to connect two clients, one being the robot and the other our back-end solution. Using the OpenVPN client, starting the robot ROS nodes, we were not able to read or list the topics on the backend. Doing some digging, it seems like maybe there is a firewall issue. We are using the AWS prebuilt OpenVPN server. Added the following rule. I hope it will help; will know on Sunday when it is robot session again.