What firewall rules may be needed to serve NerdPacks?

#1

I’m trying to create my first NerdPack. After some initial trouble getting the profile set up (getting the right API Key out of the 3 potential keys available) and not understanding how accepting the T&C works (all of this not well documented), I now find myself unable to run nr1 nerdpack:serve. Everything builds OK, but I get the error message:

ERROR: It looks like your port 9973 is busy. The server couldn’t be started.

I did a netstat -a -n and nothing is squatting on that port, so I’m thinking it may be a firewall configuration issue.

I did see one other forum post, but it wasn’t helpful and has since died with no further replies. The recommendation was to “Try a different network.” That’s nice. That’s not really possible in my environment. Knowing this may be a firewall issue, now I must ask: What ports are required by which protocol in which direction?? E.g., Port 9973, TCP, Outbound only. (It would be super-nice if this was documented in the Getting Started documentation, along with how to actually get started.)


#2

Port 9973 is required for locally serving Nerdpacks.

I have seen cases where users get “9973 is busy” errors, which does turn out to be a block somewhere in their network, perhaps not on the specific machine you run that check on. Asking to check on a new network is a simple way to confirm that for us.

In cases where you cannot do that, we would urge you to have a chat with your network team to check in on network-level blocks of port 9973.

So what is needed to whitelist?

  • Port 9973, as discussed.
  • Nerdpacks are served using a unique subdomain of nr-local.net (this uses your Nerdpack’s UUID in the format UUID.nr-local.net).
  • Similarly nr-ext.net sub-domains.

If possible, all subdomains of nr-local.net & nr-ext.net.

As described here:
https://developer.newrelic.com/build-tools/new-relic-one-applications/guide-to-authentication--data-access--and-permissions#Apploadinginbrowser


#3

OK, but my basic question wasn’t answered.

In terms of firewall configuration, is the traffic on port 9973 expected to be outbound, inbound, or both?


#4

I believe it would be both. @Craig.Shea


#5

Looking through the source code, that was my thought, too. Part of me wonders if the problem is not my firewall, but my ISP. They don’t allow me to serve websites from my home (I work from home the majority of the time).


#6

That could indeed be the case. Could you reach out to your ISP to check on that?


#7

Oh, I don’t need to contact them—this I already know. It’s in most consumer ISP contracts here in the US (including, unfortunately, mine). If you want to serve content, you need a business-class contract which is typically much more expensive. And many ppl in the US are limited to only 1 or 2 providers in their areas due to ISPs having “exclusive” contracts to provide service within many municipalities. Ugh. :wink:

(I used to have a commercial account when it was provided by my wife’s employer. And I could host a website from my home. When she stopped working, we switched to a consumer contract from the same provider and now I no longer have this ability.)
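
An added diagnostic sketch for the "port 9973 is busy" question in this thread; it is not code from any poster or from New Relic. It separates a port that another process really holds from a bind the operating system or endpoint security refuses, then checks that loopback traffic on the port gets through. That the listener is TCP and binds to 127.0.0.1 or 0.0.0.0 is an assumption, not something the thread states.

```python
import errno
import socket

NERDPACK_PORT = 9973  # port named in the thread for locally served Nerdpacks


def probe_bind(host, port):
    """Try to bind a TCP listener on host:port and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            s.listen(1)
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"   # another process really holds the port
            if exc.errno in (errno.EACCES, errno.EPERM):
                return "denied"   # OS policy or endpoint security refused the bind
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
        return "free"


def loopback_roundtrip(port, timeout=2.0):
    """Listen on 127.0.0.1:port, connect to it, and pass one message across."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", port))   # port 0 asks the OS for any free port
        srv.listen(1)
        srv.settimeout(timeout)
        bound_port = srv.getsockname()[1]
        try:
            with socket.create_connection(("127.0.0.1", bound_port), timeout) as cli:
                conn, _ = srv.accept()
                with conn:
                    conn.settimeout(timeout)
                    cli.sendall(b"ping")
                    return conn.recv(4) == b"ping"
        except OSError:
            return False  # a host firewall dropping loopback traffic lands here


if __name__ == "__main__":
    for host in ("127.0.0.1", "0.0.0.0"):
        print(host, NERDPACK_PORT, probe_bind(host, NERDPACK_PORT))
    if probe_bind("127.0.0.1", NERDPACK_PORT) == "free":
        print("loopback round trip ok:", loopback_roundtrip(NERDPACK_PORT))
```

If both binds report "free" and the round trip succeeds while the serve command still fails, the local socket layer is not the cause and the network-level checks discussed above are the next place to look.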