Parallels

Resolution

1. Hardware node (INPUT, OUTPUT chains)

* close all ports except port 22.
* open ports 20, 21, 80, 110 for namebased hosting if you are going to use it (please see below).
* open port 80 if you are using EZ templates, it is needed to connect to external repositories to create templates cache.
* open port 21 if you are using Debian EZ templates, it is needed to connect to Debian repository to create templates cache.
* open port 443, it is needed to connect to vzup2date server vzup2date.swsoft.com.
* open port 5224, it is needed to connect to Parallels Key Administrator to update Virtuozzo license.

2. Service Container (INPUT, OUTPUT chains)

incoming connections:

* port 22 from the nodes in the same cluster, from the VZMC/PMC workstations and from PBAS (if you manage hardware node using VZMC/PMC and PBAS)
* ports 25, 110, 80 from everywhere: Service Container takes the IP address of a container which is down for backuping or migration and displays a nice maintenance message; port 25 should also be opened for namebased hosting.
* ports 4643, 8443 from everywhere: that is the VZPP/PPP and Plesk ports
* port 4646 is a port of VZAgent SOAP interface; open it for selected hosts if you are going to use it.

outgoing connections:

* port 22 should be opened for connecting to other nodes in the same cluster.

---

Namebased hosting is a method of creating containers with internal IPs (like 192.168.*.*) and forwarding four protocols (HTTP, FTP, SMTP, and POP3) to containers according to their hostnames. It has nothing to do with hostname based virtual hosts in Apache configuration.