Article ID: 1070, created on Oct 6, 2008, last review on Aug 12, 2014

  • Applies to:
  • Virtuozzo containers for Windows 4.0
  • Virtuozzo for Windows 3.5.1 SP1
  • Virtuozzo for Windows 3.5.1

Resolution

Note: If you are using Parallels Virtual Automation (PVA) to manage your HW Node, open the ports as described in article #9516 instead.

Parallels Virtuozzo Containers 4.0

Hardware Node:


  • 4433: TCP VZAgent non-crypted XML connections to VZAgent
  • 4434: TCP VZAgent SSL (crypted) XML connections to VZAgent
  • 4435: TCP VZAgent binary data transfer connections to VZAgent
  • 4646: TCP VZAgent SOAP
  • 4643: Parallels Infrastructure Manager
  • 80: HTTP redirect for Parallels Infrastructure Manager
  • 443: Parallels Infrastructure Manager
  • 22*: SSH. Used when Service CT is created in compact mode
  • 8443, 8080: Plesk integration
  • 3389: Remote desktop
If you would like to close the required ports on the Node, you can use the following script (to apply it, create a .cmd file and copy and paste the script commands there):

netsh firewall set opmode enable
netsh firewall set portopening protocol=TCP port=3389
netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP1"
netsh firewall set portopening protocol=TCP port=8080 name="Plesk-VZPP2"
netsh firewall set portopening protocol=TCP port=443 name="HTTPS redirect for Parallels Infrastructure Manager"
netsh firewall set portopening protocol=TCP port=80 name="HTTP redirect for Parallels Infrastructure Manager"
netsh firewall set portopening protocol=TCP port=4433 name="TCP VZAgent non-crypted XML connections to VZAgent"
netsh firewall set portopening protocol=TCP port=4434 name="TCP VZAgent SSL (crypted) XML connections to VZAgent"
netsh firewall set portopening protocol=TCP port=4435 name="TCP VZAgent binary data transfer connections to VZAgent"
pause

Service Container

  • 22*: SSH. Used when Service CT is created in compact mode
  • 8443, 8080: Plesk integration
  • 4646: TCP VZAgent SOAP
  • 4643: Parallels Infrastructure Manager
  • 4450,4452: Used for connection to ADAM and PIM authorization
  • 1433: Used by PMC to retrieve statistics from MSSQL database inside SCT
If you would like to close the required ports inside the service container, directly from the Node, you can use the following script (to apply it, create a .cmd file and copy and paste the script commands there):

vzctl exec 1 netsh firewall set opmode enable
vzctl exec 1 netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4643 name="Parallels Infrastructure Manager"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4450 name="ADAM and PIM authorization 4450"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4452 name="ADAM and PIM authorization 4452"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=1433 name="for PMC, to retrive statistics from MSSQL database"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP 8443"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8080 name="Plesk-VZPP 8080"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=445 name="ICMP"
pause 10


Virtuozzo 3.5.1

The following ports should be opened on the Hardware Node and Service Container:

  - 22: This port should be opened inside the Service Container and is needed to establish an SSH connection to the Service Container from the computer where VZMC is installed.
 
  - 4643: This port should be opened inside the Service Container and is needed to connect to the Service Container and other containers on the node through VZCC/VZPP.

  - 4646: SOAP

  - 3141: This port should be opened on the Hardware Node and is needed to view information on the current HN resources consumption on the Monitor Node or through a standard web browser. 

  - 3389: This port should be opened on the Hardware Node and is needed to connect to your containers (for the 3.5.1 version) by means of the standard Windows Remote Desktop Connection (RDP) application.
 
Note: Starting from Virtuozzo 3.5.1 Service Pack 1, the 3389 port should be opened inside each container because each container has its own terminal server.
 
  - 8049: This port should be opened on the Hardware Node and is needed to check the information on the current state of the Hardware Node through a standard web browser. 

  - 139 and 445: These ports are for Named Pipes, which VZAgent uses to communicate with the VZAOP service.

  - 8443: This port should be opened inside Service Container. It’s required for Plesk/VZPP integration.

If you would like to close the required ports inside Service Container directly from the node, you can use the following script (to apply it, create a .cmd file and copy and paste the script commands there):

vzctl exec 1 netsh firewall set opmode enable
vzctl exec 1 netsh firewall set portopening protocol=TCP port=3389
vzctl exec 1 netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=139 scope=all profile=all
vzctl exec 1 netsh firewall set portopening protocol=TCP port=445 scope=all profile=all
pause 10

d02f9caf3e11b191a38179103495106f a06f7889a0f0293c5c75e7ee47fa3d96 965b49118115a610e93635d21c5694a8 1348db476c8a5844ffbef8d503db9c15 28d0f7cc091e3b9304fa556c03f9a940 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF