Article ID: 3106, created on Nov 30, 2007, last review on Apr 21, 2015

  • Applies to:
  • H-Sphere

Resolution

Ports (Firewall Configuration)

In your firewall settings, open the following ports in both directions and specify the connection type - tcp or udp or both.
We need that firewall be configured by our customers.

[-] Pix firewall note
Pix firewall doesn't work correctly with H-Sphere and SiteStudio, because it doesn't allow servers within one H-Sphere cluster to communicate by external IPs, which is critical for both products.

Port Usage CP Server Web Server Mail Server DNS Server MySQL Server PGSQL Server Real Server Windows Server MS SQL Server MPS Server
20 FTP-DATA   tcp           tcp    
21 FTP   tcp           tcp    
22 SSH* tcp tcp tcp tcp tcp tcp tcp      
25 SMTP     tcp         tcp    
53 DNS udp udp udp tcp and udp ** udp udp udp udp udp  
80 HTTP   tcp tcp   tcp tcp tcp tcp tcp tcp
110 POP     tcp              
143 IMAP     tcp              
144 IMAP proxy     tcp for local host only              
443 HTTPS tcp tcp           tcp    
465*** Mail SSL     tcp              
587 submission     tcp              
873 RSYNC tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers tcp between H-Sphere servers  
953 RNDC       tcp and udp**            
993*** Mail SSL     tcp              
995*** Mail SSL     tcp              
1433 MS SQL               tcp tcp  
1922 IMAGEMAKER tcp for localhost only                  
3306 MySQL         tcp     tcp    
3389 Terminal Service               tcp tcp  
5432 Postgres           tcp   tcp    
5631 pcAnywhere               tcp (optional) tcp (optional)  
8007 Apache JServ (not used in HS 2.4 and up) tcp for localhost only                  
8009 Tomcat tcp                  
8080 HTTP tcp                  
8443 SSL tcp                  
55000 OpenSRS tcp (if used)                  
10125 SOAP

SOAP (hide)

SOAP (Simple Object Access Protocol) serves data communication between Control panel and Windows servers.

tcp between H-Sphere servers             tcp tcp  

*For those requesting PSoft support, make sure your firewall settings allow SSH connection to PSoft IPs.

**For highest security, open:
  - udp permanently;
  - tcp worldwide during H-Sphere installation and post-installation tests;
  - tcp between H-Sphere DNS servers permanently.

***Open these ports only if you want to use Mail SSL.

Note: In the above table, all ports should be opened for external connections unless specified otherwise (for example, "tcp between H-Sphere servers").

DNS Server Notes:

1. Port 953 (rndc) should be open for localhost only if your DNS server is using BIND 9.x.

2. If your DNS server is using BIND 8.x, it can be upgraded to run with H-Sphere, but old domains would still have to be managed by hand. Please agree your DNS server upgrade with our installation team.
* As of now we don't provide support for Reverse DNS configuration.

f213b9fa8759d57bee5d547445806fe7 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF