Firewall Settings for Virtual Servers
From myhosting.com Wiki
Contents |
Firewall on Virtual Servers
All Virtual Servers by default have their firewall enabled. We also have our own firewall in front of the Virtual Servers but that firewall is setup to allow most inbound traffic towards your servers. The firewall on your server such as the "Windows Firewall" is set to be much more restrictive to what it allows by default. You can then edit your own firewall to allow access for whatever ports you specify. Basically our firewall won't prevent you from opening up any needed ports.
Default Windows Virtual Server Firewall Settings
The default OUTBOUND firewall rules are:
| Name | Group | Profile | Enabled | Action | Program | Local Address | Remote Address | Protocol | Local Port | Remote Port | Allowed Computers |
| BackupExecAgentBrowser | Any | Yes | Allow | Any | Any | 168.144.253.5 | TCP | 6101 | Any | Any | |
| DNS (UDP-Out) | Any | Yes | Allow | Any | Any | DNS servers | UDP | Any | 53 | Any | |
| EPMAP (TCP-Out) | Any | Yes | Allow | Any | Any | DNS servers | TCP | Any | 135 | Any | |
| FTP Data (TCP-Out) | Any | Yes | Allow | Any | Any | Any | TCP | 20 | Any | Any | |
| HTTP (TCP-Out) | Any | Yes | Allow | Any | Any | Any | TCP | Any | 80 | Any | |
| HTTPS (TCP-Out) | Any | Yes | Allow | Any | Any | Any | TCP | Any | 443 | Any | |
| ICMP (Out) | Any | Yes | Allow | Any | Any | Any | ICMPv4 | Any | Any | Any | |
| Kerberos (TCP-Out) | Any | Yes | Allow | Any | Any | DNS servers | TCP | Any | 88 | Any | |
| LDAP (TCP-Out) | Any | Yes | Allow | Any | Any | DNS servers | TCP | Any | 389 | Any | |
| LDAP (UDP-Out) | Any | Yes | Allow | Any | Any | DNS servers | UDP | Any | 389 | Any | |
| RPC (TCP-Out) | Any | Yes | Allow | Any | Any | DNS servers | TCP | Any | Any | Any | |
| SMTP (TCP-Out) | Any | Yes | Allow | Any | Any | Any | TCP | Any | 25 | Any | |
| Time (UDP-Out) | Any | Yes | Allow | Any | Any | DNS servers | UDP | Any | 123 | Any | |
| Core Networking - Group Policy (NP-Out) | Core Networking | Any | Yes | Allow | system | Any | DNS servers | TCP | Any | 445 | Any |
The default INBOUND firewall rules are:
| Name | Group | Profile | Enabled | Action | Override | Program | Local Address | Remote Address | Protocol | Local Port | Remote Port | Allowed Users | Allowed Computers |
| RPC (TCP-In) | Any | Yes | Allow | No | Any | Any | DNS servers, 168.144.253.5 | TCP | Any | Any | Any | Any | |
| ICMP (In) | Any | Yes | Allow | No | Any | Any | Any | ICMPv4 | Any | Any | Any | Any | |
| @%windir%\system32\inetsrv\iisres.dll,-30500 | @%windir%\system32\inetsrv\iisres.dll,-30501 | Any | Yes | Allow | No | system | Any | Any | TCP | 80 | Any | Any | Any |
| FTP Data (TCP-In) | Any | Yes | Allow | No | Any | Any | Any | Any | 55815, 55816, 55817, 55818, 55819, 55820, 55821, 55822, 55823, 55824, 55825 | Any | Any | Any | |
| Remote Administration (NP-In) | Remote Administration | Any | Yes | Allow | No | system | Any | DNS servers | TCP | 445 | Any | Any | Any |
| @%windir%\system32\inetsrv\iisres.dll,-30502 | @%windir%\system32\inetsrv\iisres.dll,-30503 | Any | Yes | Allow | No | system | Any | ANy | TCP | 443 | Any | Any | Any |
| Remote Desktop (TCP-In) | Remote Desktop | Any | Yes | Allow | No | system | Any | Any | TCP | 3389 | Any | Any | Any |
| FTP Cmd (TCP-In) | Any | Yes | Allow | No | Any | Any | Any | TCP | 21 | Any | Any | Any | |
| SQL Server (TCP-In) | Any | Yes | Allow | No | Any | Any | Any | TCP | 1433 | Any | Any | Any | |
| Backup Exec Access Port | Any | Yes | Allow | No | Any | Any | 168.144.253.5 | TCP | 10000 | Any | Any | Any |
Default Linux Virtual Server Firewall Settings
The default policy allows all outbound connections from your Linux virtual server. The following services are allowed inbound connections.
| Service | Source | Destination | Protocol | Action |
| All | All | ICMP | ACCEPT | |
| SSH | Net | $FW | TCP | ACCEPT |
| HTTP | Net | $FW | TCP | ACCEPT |
| HTTPS | Net | $FW | TCP | ACCEPT |
| WEBMIN | Net | $FW | TCP | ACCEPT |
NOTE: "$FW represents" your VS server
| Service | Source | Destination | Protocol | Action |
| bacula-fd | net:168.144.253.0/29 | $FW | TCP | ACCEPT |
| SNMP | net:168.144.253.0/29 | $FW | UDP | ACCEPT |
NOTE: "net:168.144.253.0/29" are the myhosting administration servers which should not be removed or blocked.
Opening a Port on the Windows Firewall
- Click on the START button and then open the Control Panel.
- Open Windows Firewall from the control panel
- Next click on the “Change Settings” link.
- On the Windows Firewall Settings window he needs to switch to the “Exceptions” tab and then press the ADD PORT button.
- Enter a “name” to describe what the port is being used for and the “port number” you want to open up. Also choose if this is for TCP or UDP. When you're done press the OK button.
