2.7. Configuring Server Ports for Virtuozzo

Virtuozzo enables Linux kernel firewall during installation. This section lists ports opened by default. The set of ports differs depending on your system configuration:

2.7.1. Opened Ports on Standalone Servers

The table below lists the ports for servers that do not participate in Virtuozzo Storage clusters. I in the Description column signals that the port should be opened for incoming traffic and O, for outgoing traffic.

Port Description
22 (IO) Used for secure logins via SSH.
80 (IO) Used for HTTP connections, e.g., to download Virtuozzo updates and EZ templates from remote repositories.
21 (O) Used to connect to the Debian repository to cache Debian EZ templates.
443 (O) Used to send problem reports to the support team.
5224 (O) Used to connect to the Key Administrator server to update Virtuozzo lease licenses.
64000 (IO) Used to connect SDK with the dispatcher running on the remote server, and for communication between the dispatchers on different servers.
1621, 1622 (O) Used to migrate containers to virtual machines on servers that run Virtuozzo hypervisor-based solutions.
67 Used to support host-only adapters in virtual machines. Virtuozzo does not use port 67 for any external connections.
<RPC ports> Used by various RPC services (e.g., to support NFS shares). Port numbers may differ from system to system. To learn what RPC services are registered on your server and what ports they are using, run # rpcinfo -p localhost
647, 847 Reserved by the Linux portreserve program for the DHCP server, if you use one.
5700-6900 Range of ports used for VNC connections.

You may also need to additionally open ports used to connect to remote yum repositories. Though most of the repositories can be accessed via HTTP, some may require access via HTTPS or FTP. You can check what repositories are currently configured for your system and what protocols are used to connect to them as follows:

# yum repolist -v | egrep -e 'baseurl|mirrors'
Repo-mirrors : <VZ7_mirrorlist_URL>
Repo-baseurl : <VZ7_base_URL>
# curl <VZ7_mirrorlist_URL>

2.7.2. Opened Ports on Servers in Virtuozzo Storage Clusters

A Virtuozzo Storage cluster requires ports listed below to be opened in addition to those on standalone servers. If you use Virtuozzo Storage management panel to create clusters, all the necessary ports are opened automatically. Otherwise, open these ports manually on each node participating in the cluster.

Port Description
MDS Servers
2510 (IO) Used for communication between MDS servers.
2511 (IO) Used for communication with chunks servers and clients.
Chunk Servers
2511 (O) Used for communication with MDS servers.
<random_port> (I) Used for communication with clients. The chunk server management service automatically binds to any available port. You can also manually assign the service to a specific port.
Clients
2511 (O) Used for communication with MDS servers.
<random_port> (O) Used for communication with chunk servers. The client management service automatically binds to any available port. You can also manually assign the service to a specific port.