Updated on 2024-11-08 GMT+08:00

Allowing Common Ports with a Few Clicks

Scenarios

You can configure a security group to allow common ports with a few clicks. This function is suitable for the following scenarios:
  • Remotely log in to ECSs.
  • Use the ping command to test ECS connectivity.
  • Provide website access from ECSs that function as web servers.

Table 1 describes the common ports that can be opened with a few clicks.

Table 1 Common ports

| Direction | Protocol & Port & Type | Source/Destination | Description |
|---|---|---|---|
| Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
| Inbound | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
| Inbound | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
| Inbound | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
| Inbound | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. |
| Inbound | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
| Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. |
| Outbound | All (IPv6) | ::/0 | Allows access from ECSs in the security group to any IP address over any port. |

If the source is set to 0.0.0.0/0 or ::/0, all external IP addresses are either allowed or denied access to your instances, depending on whether the action is Allow or Deny. If access is allowed, exposing high-risk ports such as 22, 3389, or 8848 to the public network leaves your instances vulnerable to network intrusions, service interruptions, data leakage, or ransomware attacks. Configure only known IP addresses as the source of the security group rule.
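The check described in the note above can be run over an exported rule list. The following Python is an added example, not code from this documentation or the cloud provider: it flags inbound Allow rules that open port 22, 3389, or 8848 to any address. The rule dictionaries, their keys, and the sample rules are constructed for illustration; the port text follows the notation of Table 1.

```python
import ipaddress

# High-risk ports named in the note above; extend this set for your environment.
HIGH_RISK_PORTS = {22, 3389, 8848}

def parse_ports(spec):
    """Parse Table 1 style text such as 'TCP: 20-21 (IPv4)' or 'All (IPv6)'."""
    spec = spec.split("(")[0]                      # drop the '(IPv4)' type suffix
    proto, _, ports = spec.partition(":")
    proto, ports = proto.strip().upper(), ports.strip().lower()
    if ports in ("", "all"):
        return proto, 1, 65535
    low, _, high = ports.partition("-")
    return proto, int(low), int(high or low)

def is_any_source(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a prefix length of zero."""
    return ipaddress.ip_network(cidr.strip(), strict=False).prefixlen == 0

def exposed_high_risk(rule):
    """High-risk ports that an inbound Allow rule opens to every address."""
    if rule["direction"] != "inbound" or rule["action"] != "allow":
        return []
    if not is_any_source(rule["source"]):
        return []
    proto, low, high = parse_ports(rule["ports"])
    if proto not in ("TCP", "UDP", "ALL"):         # ICMP carries no ports
        return []
    return sorted(p for p in HIGH_RISK_PORTS if low <= p <= high)

def audit(rules):
    """Return (rule index, exposed ports) for every rule that needs tightening."""
    findings = [(i, exposed_high_risk(r)) for i, r in enumerate(rules)]
    return [(i, ports) for i, ports in findings if ports]

# Constructed sample rules; the dict keys are hypothetical, not a cloud API schema.
SAMPLE_RULES = [
    {"direction": "inbound", "action": "allow", "ports": "TCP: 22 (IPv4)", "source": "0.0.0.0/0"},
    {"direction": "inbound", "action": "allow", "ports": "TCP: 3389 (IPv4)", "source": "203.0.113.0/24"},
    {"direction": "inbound", "action": "allow", "ports": "TCP: 8000-9000 (IPv6)", "source": "::/0"},
    {"direction": "inbound", "action": "allow", "ports": "ICMP: All (IPv4)", "source": "0.0.0.0/0"},
    {"direction": "inbound", "action": "deny", "ports": "TCP: 3389 (IPv4)", "source": "0.0.0.0/0"},
    {"direction": "outbound", "action": "allow", "ports": "All (IPv4)", "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for index, ports in audit(SAMPLE_RULES):
        print(f"rule {index}: {SAMPLE_RULES[index]['ports']} open to any address, ports {ports}")
```

Port ranges are checked as well as single ports, so a rule such as TCP 8000-9000 from ::/0 is reported for port 8848 even though the rule never names that port.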

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner and choose Networking > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  4. In the navigation pane on the left, choose Access Control > Security Groups.

    The security group list is displayed.

  5. In the security group list, click the name of the security group.

    The security group details page is displayed.

  6. Click the Inbound Rules or Outbound Rules tab, and then click Allow Common Ports.

    The Allow Common Ports page is displayed.

  7. Click OK.

    After the operation is complete, you can view the added rules in the security group rule list.