What ports do I need to open for Mist.io
For monitoring (outgoing traffic)
In order to enable monitoring with mist.io, a server needs to allow outgoing traffic to UDP port 25826 for monitor.mist.io. Port 25826 is the port were collectd open source monitoring agent uses in order to send the monitoring data. So make sure outgoing traffic to monitor.mist.io for 25826 is allowed.
For probe/ssh (incoming traffic)
In order for mist.io to be able to run properly and ping/probe/ssh VMs incoming traffic to these ips need to be whitelisted:
104.198.19.203, 35.184.67.94, 104.198.197.230, 104.154.33.164, 104.155.147.47
The list of ips is also contained as A records in dns name ips.mist.io. To get all current ips use dig
root@user:~# dig ips.mist.io ; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> ips.mist.io ... ;; ANSWER SECTION:<br>ips.mist.io.300INA104.154.231.252 ips.mist.io. 60 IN A 35.184.67.94 ips.mist.io. 60 IN A 104.154.33.164 ips.mist.io. 60 IN A 104.155.147.47 ips.mist.io. 60 IN A 104.198.19.203 ips.mist.io. 60 IN A 104.198.197.230
To whitelist these
root@user:~# iptables -A INPUT -s ips.mist.io -j ACCEPT
Keep in mind that when dns names are used in iptables, these are resolved when the rule is being added, so in order to keep up with changes in our infrastructure, you'll need to reapply the rules periodically so that the dns entries are re-resolved.