Web Server

Internal Outgoing Connections

The WebHosting Linux service specific ports are opened automatically when a web server is deployed. Common firewall configuration is provided below.

From	To	Protocol	Port
Web server (WSNG) – BackNet NIC or FrontNet NIC	DNS Resolver Server – BackNet NIC or FrontNet NIC	TCP, UDP	53
	External Native Repositories (YUM repositories) – BackNet NIC or FrontNet NIC	TCP	Custom port range Note: The destination hosts and ports may vary depending on YUM repositories.
Web server (WSNG) – BackNet NIC	CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC	TCP	8352-8500 (except 8440), 6380-6430 (Redis replication, one port for each registered web server or web cluster), 80, 16384
	MySQL Database Server (MYSQL) – BackNet NIC	TCP	3306
	PgSQL Database Server (PGSQL) – BackNet NIC	TCP	5432
	Backup Server (CUSTBACKUP) – BackNet NIC	TCP	8352
	Mail Sender ID Server (MAILSID) – BackNet NIC	TCP	22

Internal Incoming Connections

From	To	Protocol	Port
Linux FileManager Server (WSNG/HEWSL) – FrontNet NIC	Web server (WSNG) – FrontNet NIC	TCP	21 (FTP control channel), 60000:65535 (FTP passive mode)
Backup Server (CUSTBACKUP) – BackNet NIC	Web server (WSNG) – BackNet NIC	TCP	8352
CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC		TCP	8352-8500 (except 8440)
		TCP	22 (SSH)

External Incoming Connections

Note: The port numbers are the same both for the IPv4 and IPv6 addresses.

From	To	Protocol	Port
PublicNet Network	Web server (WSNG) – FrontNet NIC	TCP	443 (HTTPS), 80 (HTTP), 22 (SSH), 21 (FTP control channel), 60000:65535 (FTP passive mode)

External Outgoing Connections

From	To	Protocol	Port
Web server (WSNG) – FrontNet NIC	PublicNet Network	TCP, UDP	* Note: Outgoing SMTP connections must be blocked if the Mail Sender ID Service is used.

Important: Perform the instructions of the Appendix A: Additional Firewall Configuration on Linux Web Servers section.