How Can I Configure Ports for a Bastion Host?
To properly use a bastion host, configure the instance and resource security group ports by referring to Table 1.

- During cross-version upgrade, ports 80, 8080, 443, and 2222 are automatically enabled for the instance. If you do not need to use these ports, disable them immediately after the upgrade.
- During cross-version upgrade, ports 22, 31036, 31679, and 31873 are automatically enabled for the instance. After the upgrade, keep port 31679 enabled and disable other ports immediately if you do not need to use them.
Scenario Description |
Direction |
Protocol/Application |
Port |
---|---|---|---|
Accessing a bastion host through a web browser (HTTP and HTTPS) |
Inbound |
TCP |
80, 443, and 8080 |
Accessing a bastion host through Microsoft Terminal Services Client (MSTSC) |
Inbound |
TCP |
53389 |
Accessing a bastion host through an SSH client |
Inbound |
TCP |
2222 |
Accessing a bastion host through FTP clients |
Inbound |
TCP |
2121 and 20000 to 21000 |
Accessing a bastion host through an SFTP client |
Inbound |
TCP |
2222 |
Remotely accessing Linux cloud servers managed by a bastion host over SSH clients |
Outbound |
TCP |
22 |
Remotely accessing Windows cloud servers managed by a bastion host over the RDP protocol |
Outbound |
TCP |
3389 |
Accessing Oracle databases through a bastion host |
Inbound |
TCP |
1521 |
Accessing Oracle databases through a bastion host |
Outbound |
TCP |
1521 |
Accessing MySQL databases through a bastion host |
Inbound |
TCP |
33306 |
Accessing MySQL databases through a bastion host |
Outbound |
TCP |
3306 |
Accessing SQL Server databases through a bastion host |
Inbound |
TCP |
1433 |
Accessing SQL Server databases through a bastion host |
Outbound |
TCP |
1433 |
Accessing DB databases through a bastion host |
Inbound |
TCP |
50000 |
Accessing DB databases through a bastion host |
Outbound |
TCP |
50000 |
Accessing GaussDB databases through a bastion host |
Inbound |
TCP |
18000 |
Accessing GaussDB databases through a bastion host |
Outbound |
TCP |
8000 and 18000 |
License servers |
Outbound |
TCP |
9443 |
Huawei Cloud services |
Outbound |
TCP |
443 |
Accessing a bastion host system through an SSH client in the same security group |
Outbound |
TCP |
2222 |
SMS service |
Outbound |
TCP |
10743 and 443 |
Domain name resolution service |
Outbound |
UDP |
53 |
Accessing PGSQL databases through a bastion host |
Inbound |
TCP |
15432 |
Accessing PGSQL databases through a bastion host |
Outbound |
TCP |
5432 |
Accessing DM databases through a bastion host |
Inbound |
TCP |
15236 |
Accessing DM databases through a bastion host |
Outbound |
TCP |
5236 |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot