RESOLUTION
1. Hardware node (INPUT, OUTPUT chains)
* close all ports except port 22.
* open ports 20, 21, 80, 110 for namebased hosting if you are going to use it (please see below).
* open port 80 if you are using EZ templates; it is needed to connect to external repositories to create the template cache.
* open port 21 if you are using Debian EZ templates; it is needed to connect to the Debian repository to create the template cache.
* open port 443; it is needed to connect to the vzup2date server vzup2date.swsoft.com.
* open port 5224; it is needed to connect to SWsoft Key Administrator to update the Virtuozzo license.
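An added example, not part of the original article: a shell function that prints the hardware node rules above in iptables-restore format so they can be reviewed before loading. The traffic directions, the loopback and ESTABLISHED,RELATED rules, and the feature names ez, debian-ez and namebased are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: port 22 is
# allowed in both chains, the namebased hosting ports are inbound, and the
# repository, vzup2date and license ports are outbound. The loopback and
# ESTABLISHED,RELATED rules are additions so that reply traffic passes.
# FORWARD is left open because the article covers INPUT and OUTPUT only.
# DNS is not in the article's list; allow it separately if the node must
# resolve names.

# Usage: node_rules [ez] [debian-ez] [namebased]   (hypothetical feature names)
node_rules() {
    in_ports="22"
    out_ports="22 443 5224"   # SSH, vzup2date, Key Administrator
    for feature in "$@"; do
        case "$feature" in
            ez)        out_ports="$out_ports 80" ;;          # EZ template repositories
            debian-ez) out_ports="$out_ports 21" ;;          # Debian repository
            namebased) in_ports="$in_ports 20 21 80 110" ;;  # namebased hosting
            *) echo "unknown feature: $feature" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $in_ports; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $out_ports; do
        echo "-A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review; pipe it to iptables-restore to load it.
node_rules "$@"
```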
2. Service VE (INPUT, OUTPUT chains on Service VE)
incoming connections:
* port 22 from the nodes in the same cluster, from the VZMC workstations and from HSPcomplete (if you manage the hardware node using VZMC and HSPcomplete)
* ports 25, 110, 80 from everywhere: Service VE takes the IP address of a VE which is down for backup or migration and displays a nice maintenance message; port 25 should also be opened for namebased hosting.
* ports 4643, 8443 from everywhere: these are the VZPP and Plesk ports
* port 4646 is the port of the VZagent SOAP interface; open it for selected hosts if you are going to use it.
outgoing connections:
* port 22 should be opened for connecting to other nodes in the same cluster.
Namebased hosting is a method of creating VEs with internal IPs (like 192.168.*.*) and forwarding four protocols (HTTP, FTP, SMTP, and POP3) to VEs according to their hostnames. It has nothing to do with hostname-based virtual hosts in the Apache configuration.
Keywords: virtuozzo,firewall,port