Internal Outgoing Connections
The WebHosting Linux service specific ports are opened automatically when a web cluster node is deployed. Common firewall configuration is provided below.
| From | To | Protocol | Port |
|---|---|---|---|
|
Web cluster node (HEWSL) – BackNet NIC or FrontNet NIC |
DNS Resolver Server – BackNet NIC or FrontNet NIC |
TCP, UDP |
53 |
| External Native Repositories (YUM repositories) – BackNet NIC or FrontNet NIC | TCP |
Custom port range Note: The destination hosts and ports may vary depending on YUM repositories. |
|
|
Web cluster node (HEWSL) – BackNet NIC |
Shared Storage server (ISCSI) – BackNet NIC |
TCP, UDP |
3260 |
| Web cluster node (HEWSL) | TCP | 5404, 5405 (corosync), 21064 (dlm) | |
| Load Balancer server (HELB) – BackNet NIC | UDP | 8649 (Ganglia) | |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | TCP | 8352-8500 (except 8440), 6380-6430 (Redis replication, one port for each registered web server or web cluster), 80, 16384 | |
| MySQL Database Server (MYSQL) – BackNet NIC | TCP | 3306 | |
| PgSQL Database Server (PGSQL) – BackNet NIC | TCP | 5432 | |
| Backup Server (CUSTBACKUP) – BackNet NIC | TCP | 8352 | |
| Mail Sender ID Server (MAILSID) – BackNet NIC | TCP | 22 | |
| Primary/Secondary NFS server – BackNet NIC | TCP, UDP | 111, 10300:10302 |
Internal Incoming Connections
| From | To | Protocol | Port |
|---|---|---|---|
|
CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC |
Web cluster node (HEWSL) – BackNet NIC |
TCP |
8352-8500 (except 8440), 22 (SSH) |
| Shared storage (ISCSI) – BackNet NIC | TCP | 3260 | |
| Web cluster node (HEWSL) | TCP | 5404, 5405 (corosync), 21064 (dlm) | |
| Backup Server (CUSTBACKUP) – BackNet NIC | TCP | 8352 | |
| Primary/Secondary NFS server – BackNet NIC | TCP, UDP | 111, 10300:10302 | |
| Linux FileManager Server (WSNG/HEWSL) – FrontNet NIC |
Web cluster node (HEWSL) – FrontNet NIC |
TCP | 21 (FTP control channel), 60000:65535 (FTP passive mode) |
| Load Balancer (HELB) – FrontNet NIC | TCP | * |
Note: The Direct Routing load balancing method is used in CloudBlue Commerce (http://www.linuxvirtualserver.org/VS-DRouting.html), therefore the FrontNet NIC of your load balancer and the FrontNet NICs of web cluster nodes must be connected to the same segment of your physical network.
External Incoming Connections
The connection between web cluster nodes and the Load Balancer is established via the FrontNet network.
Note: The port numbers are the same both for the IPv4 and IPv6 addresses.
| From | To | Protocol | Port |
|---|---|---|---|
|
PublicNet Network |
Web cluster node (HEWSL) – FrontNet NIC |
TCP |
443 (HTTPS), 80 (HTTP), 22 (SSH), 21 (FTP control channel), 60000:65535 (FTP passive mode) |
External Outgoing Connections
| From | To | Protocol | Port |
|---|---|---|---|
|
Web cluster node (HEWSL) – FrontNet NIC |
PublicNet Network |
TCP, UDP |
* Note: Outgoing SMTP connections must be blocked if the Mail Sender ID Service is used. |
Important: Perform the instructions of the Appendix A: Additional Firewall Configuration on Linux Web Servers section.