Article ID: 1004, created on Oct 6, 2008, last review on Jun 17, 2016

  • Applies to:
  • Virtual Automation

Resolution

Note: If you are using Parallels Virtual Automation (PVA), please refer to the following article instead.

1. Hardware node (INPUT, OUTPUT chains)

  • Close all ports except port 22.
  • Open ports 20, 21, 80, 110 for name-based hosting if you are going to use it (please see below).
  • Open port 80 if you are using EZ templates: you need to connect to external repositories to create the template cache.
  • Open port 21 if you are using Debian EZ templates: you need to connect to the Debian repository to create the template cache.
  • Open port 443: you need to connect to the vzup2date server, vzup2date.swsoft.com.
  • Open port 5224: you need to connect to Parallels Key Administrator to update the Virtuozzo license.
  • Open port 4433 for unencrypted XML connections to VZAgent.
  • Open port 4434 for SSL (encrypted) XML connections to VZAgent.
  • Open port 4435 for binary data transfer connections to VZAgent.

2. Service Container (INPUT, OUTPUT chains)

Incoming connections:

  • port 22 from the nodes in the same cluster, from the VZMC/PMC workstations and from PBAS (if you manage the hardware node using VZMC/PMC and PBAS).
  • ports 25, 110, 80 from everywhere: the Service Container takes over the IP address of a container that is down for backup or migration and displays a maintenance message; port 25 should also be open for name-based hosting.
  • port 389 should be open for incoming/outgoing connections from the hardware node.
  • ports 4643, 8443 from everywhere: these are the VZPP/PPP and Plesk ports.
  • port 4646 is the port of the VZAgent SOAP interface; open it for selected hosts if you are going to use it.
  • ports 4433, 4434, 4435 for connections to VZAgent from the hardware node.
  • port 8880 for integration between Parallels Plesk Control Panel and Parallels Power Panel.

Example for ports 4643 and 389 (they should be opened in both directions):

    Chain VZ_INPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4643
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:4643
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:389

    Chain VZ_OUTPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:4643
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:389
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4643

Example for port 8880 inside Service Container:

    Chain VZ_INPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:8880

    Chain VZ_OUTPUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8880

Outgoing connections:

  • port 22 should be opened for connecting to other nodes in the same cluster.
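
The both-directions layout and the per-port source restrictions listed for the Service Container can be checked against a saved `iptables -nL` listing. The script below is an added example, not part of the original article; the function names, the embedded listing and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Audits `iptables -nL` text on stdin.
# Assumes the port match is the last field of a rule line, as in the article's
# listings; multiport and port-range rules are not parsed.

# Constructed sample: 389 lacks its spt rule in VZ_INPUT, and 4646 (meant for
# selected hosts only) is accepted from any source. 192.0.2.10 is a placeholder.
sample_listing() {
cat <<'EOF'
Chain VZ_INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4643
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:4643
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4646
ACCEPT     tcp  --  192.0.2.10           0.0.0.0/0           tcp dpt:22
Chain VZ_OUTPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:4643
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4643
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:389
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
EOF
}

# missing_rules PORT: print each chain/match pair (e.g. "VZ_INPUT spt:389")
# that the both-directions layout needs but the listing on stdin lacks.
missing_rules() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }
        $1 == "ACCEPT" && ($NF == ("dpt:" port) || $NF == ("spt:" port)) { seen[chain " " $NF] = 1 }
        END {
            n = split("VZ_INPUT VZ_OUTPUT", chains, " "); m = split("dpt spt", dirs, " ")
            for (c = 1; c <= n; c++)
                for (d = 1; d <= m; d++) {
                    key = chains[c] " " dirs[d] ":" port
                    if (!(key in seen)) print key
                }
        }'
}

# world_open PORT: succeed if VZ_INPUT accepts dpt:PORT from any source, which
# is wrong for ports the article limits to selected hosts (22, 4646).
world_open() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }
        chain == "VZ_INPUT" && $1 == "ACCEPT" && $4 == "0.0.0.0/0" && $NF == ("dpt:" port) { hit = 1 }
        END { exit !hit }'
}

sample_listing | missing_rules 389      # prints: VZ_INPUT spt:389
```

On a live node, pipe the output of `iptables -nL` into `missing_rules` or `world_open` in place of `sample_listing`.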

Note: Please make sure that access to the following external resources required for Virtuozzo is also allowed in firewall rules:

  • ka.odin.com
  • vzup2date.swsoft.com
  • vzup2date.parallels.com
  • autoinstall.plesk.com
  • all repository servers listed in /etc/vztt/vztt.conf (Virtuozzo 3.0) or /etc/vztt/url.map (PVC 4.0).
