On some deployments, such as ones where restrictive firewalls are in place, you might need to manually configure a firewall to permit OpenStack service traffic. To manually configure a firewall, you must permit traffic through the ports that each OpenStack service uses. This table lists the default ports that each OpenStack service uses: To function properly, some OpenStack components depend on other, non-OpenStack services. For example, the OpenStack dashboard uses HTTP for non-secure communication. In this case, you must configure the firewall to allow traffic to and from HTTP. This table lists the ports that other OpenStack components use: On some deployments, the default port used by a service may fall within the defined local port range of a host. To check a host's local port range: $ sysctl -a | grep ip_local_port_range If a service's default port falls within this range, run the following program to check if the port has already been assigned to another application: $ lsof -i :PORT Configure the service to use a different port if the default port is already being used by another application.