Documentation for network & IT administrators on firewall configurations required for pi-top's full functionality
This guide tells school IT administrators what network traffic the pi-top requires to function, so that they can configure their network security accordingly. Some of this traffic is often allowed by default, but particular parts are commonly blocked, such as the outgoing NTP traffic on a non-HTTP port, or the internal traffic between devices on the network.
External Traffic Whitelist
To allow access to our learning and support materials and software updates, outgoing web traffic should be allowed for the following connections:
Host | Ports | Protocol | Reason |
---|---|---|---|
pi-top.com | 80, 443 | TCP | General |
*.pi-top.com | 80, 443 | TCP | General, Further Resources |
*.readthedocs-hosted.com | 80, 443 | TCP | Technical Documentation |
*.raspberrypi.org | 80, 443 | TCP | Updates |
packagecloud.io | 80, 443 | TCP | Updates |
*.pool.ntp.org | 123 | UDP | Time sync, Updates |
Internal Traffic Whitelist
To allow wireless interaction between pi-tops and other devices such as student laptops, the devices must be on the same network, and the network must allow the following local traffic:
Host | Ports | Protocol | Reason |
---|---|---|---|
internal addresses | 80, 443 | TCP | Web dashboards, health checking |
internal addresses | 8028 | TCP | Further Coding |
internal addresses | 60100-60999 | TCP | Further Dynamic VNC |
internal addresses | 5900 | TCP | VNC (Optional) |
internal addresses | 22 | TCP | SSH (Optional) |
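
As an added example (not pi-top's own code), the Python script below encodes the two tables above and checks a firewall deny log for blocked flows that the tables say must be allowed. The key=value log format, the sample lines, and the reading of "internal addresses" as private-range IP addresses are assumptions.

```python
import ipaddress
from fnmatch import fnmatch
INTERNAL = "internal addresses"
# Rules transcribed from the two tables above: (host, ports, protocol, reason).
RULES = [
    ("pi-top.com", {80, 443}, "TCP", "General"),
    ("*.pi-top.com", {80, 443}, "TCP", "General, Further Resources"),
    ("*.readthedocs-hosted.com", {80, 443}, "TCP", "Technical Documentation"),
    ("*.raspberrypi.org", {80, 443}, "TCP", "Updates"),
    ("packagecloud.io", {80, 443}, "TCP", "Updates"),
    ("*.pool.ntp.org", {123}, "UDP", "Time sync, Updates"),
    (INTERNAL, {80, 443}, "TCP", "Web dashboards, health checking"),
    (INTERNAL, {8028}, "TCP", "Further Coding"),
    (INTERNAL, range(60100, 61000), "TCP", "Further Dynamic VNC"),
    (INTERNAL, {5900}, "TCP", "VNC (Optional)"),
    (INTERNAL, {22}, "TCP", "SSH (Optional)"),
]

def is_internal(dest):
    """Assumption: 'internal' means a literal private-range IP; names are external."""
    try:
        return ipaddress.ip_address(dest).is_private
    except ValueError:
        return False

def required_reason(dest, port, proto):
    """Return the table's Reason if pi-top needs this flow allowed, else None."""
    internal = is_internal(dest)
    for host, ports, rule_proto, reason in RULES:
        host_ok = internal if host == INTERNAL else fnmatch(dest.lower(), host)
        if host_ok and port in ports and rule_proto == proto.upper():
            return reason
    return None

def audit(deny_lines):
    """Return (line, reason) for each denied flow that the tables say to allow."""
    hits = []
    for line in deny_lines:
        f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        hits.append((line, required_reason(f["dst"], int(f["dport"]), f["proto"])))
    return [h for h in hits if h[1]]

# Constructed sample deny log in a hypothetical key=value format.
SAMPLE = [
    "action=deny dst=0.uk.pool.ntp.org dport=123 proto=udp",
    "action=deny dst=192.168.1.40 dport=60123 proto=tcp",
    "action=deny dst=192.168.1.40 dport=3389 proto=tcp",
]
print(*audit(SAMPLE), sep="\n")
```

Lines the audit returns are denies that conflict with the tables; denies it skips, such as the port 3389 sample, are not required by this guide and can stay blocked.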