Product:
Search Type:

[Info] Which ports should be opened on Virtuozzo hardware node and Service VE?

Article ID: 1070
Last Review: May,07 2008
APPLIES TO:
  • Virtuozzo for Windows 3.5.1
  • Virtuozzo for Windows 3.5.1 SP1
  • Parallels Virtuozzo Containers for Windows 4.0

RESOLUTION

Parallels Virtuozzo Containers 4.0

Hardware node:
  • 4433 - TCP VZAgent non-crypted XML connections to VZAgent
  • 4434 -  TCP VZAgent SSL (crypted) XML connections to VZAgent
  • 4435 - TCP VZAgent binary data transfer connections to VZAgent
  • 4646 - TCP VZAgent SOAP
  • 4643 - Parallels Infrastructure Manager
  • 80 - HTTP redirect for Parallels Infrastructure Manager
  • 443 - Parallels Infrastructure manager
  • 22* - SSH. Used in case when Service CT is created in compat mode
  • 8443, 8080 - Plesk integration
  • 3389 - Remote Desktop
Service Container

  • 22* - SSH. Used in case when Service CT is created in compat mode
  • 8443, 8080 - Plesk integration
  • 4646 - TCP VZAgent SOAP
  • 4643 - Parallels Infrastructure Manager


Virtuozzo 3.5.1

The following ports should be opened on hardware node and service VE:

  - 22: this port should be opened inside the Service VE and is needed to be able to establish an SSH connection to the Service VE from the computer where VZMC is installed;
 
  - 4643: this port should be opened inside the Service VE and is needed to be able to connect to the Service VE and other VEs on the Node thru VZCC/VZPP.

  - 4646 - SOAP

  - 3141: this port should be opened on the Hardware Node and is needed to be able to view the information on the current HN resources consumption on the Monitor Node or thru a standard Web browser. 

  - 3389: this port should be opened on the Hardware Node and is needed to connect to your Virtual Environments(for 3.5.1 version) by means of the standard Windows Remote Desktop Connection (RDP) application.
 
Note: Starting from Virtuozzo 3.5.1 Service Pack 1 , 3389 port should be opened inside each VE because each VE has its own Terminal Server inside.
 
  - 8049: this port should be opened on the Hardware Node and is needed to check the information on the current state of the Hardware Node thru a standard Web browser. 

  - 139 and 445 for name pipes, as VZAgent communicates with VZAOP service on the node via it. 

  - 8443 port should be opened inside Service VE. It’s required for Plesk/VZPP integration.

If you would like to close required ports inside service VE directly from the node you can use the following script( to apply it please create .cmd file and just copy script commands there):

vzctl exec 1 netsh firewall set opmode enable
vzctl exec 1 netsh firewall set portopening protocol=TCP port=3389
vzctl exec 1 netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8443 name=”Plesk-VZPP”
vzctl exec 1 netsh firewall set portopening protocol=TCP port=139 scope=all profile=all
vzctl exec 1 netsh firewall set portopening protocol=TCP port=445 scope=all profile=all
pause 10
Keywords: port firewall

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields