Create Security Group Rules

<p>Security group rules control the inbound and outbound traffic of BMS instances. By default, all inbound and outbound traffic is denied. When communication is required, add security group rules to allow the specific traffic. The following table describes some commonly used ports.</p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="background-color:#ededed; vertical-align:top"> <p>Port</p> </td> <td style="background-color:#ededed; vertical-align:top"> <p>Service</p> </td> <td style="background-color:#ededed; vertical-align:top"> <p>Description</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>21</p> </td> <td style="vertical-align:top"> <p>FTP</p> </td> <td style="vertical-align:top"> <p>A port opened to the FTP service. The port is used to upload and download files.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>22</p> </td> <td style="vertical-align:top"> <p>SSH</p> </td> <td style="vertical-align:top"> <p>SSH port, which is used to connect to a Linux instance from the command line with a user name and password.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>23</p> </td> <td style="vertical-align:top"> <p>Telnet</p> </td> <td style="vertical-align:top"> <p>Telnet port, which is used to telnet to the ECS instance.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>25</p> </td> <td style="vertical-align:top"> <p>SMTP</p> </td> <td style="vertical-align:top"> <p>A port opened to the SMTP service. The port is used to send emails.</p> <p>For security purposes, ECS instances are not allowed to access port 25. 
If you want to enable ECS instances to access this port, see Apply to Enable TCP Port 25.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>80</p> </td> <td style="vertical-align:top"> <p>HTTP</p> </td> <td style="vertical-align:top"> <p>This port provides access to HTTP services, such as IIS, Apache, and Nginx.</p> <p>For more information, see Verify If TCP Port 80 Works Properly.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>110</p> </td> <td style="vertical-align:top"> <p>POP3</p> </td> <td style="vertical-align:top"> <p>This port is used for the POP3 protocol to send and receive emails.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>143</p> </td> <td style="vertical-align:top"> <p>IMAP</p> </td> <td style="vertical-align:top"> <p>This port is used for the POP3 protocol to send and receive emails.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>443</p> </td> <td style="vertical-align:top"> <p>HTTPS</p> </td> <td style="vertical-align:top"> <p>This port is used to provide access to the HTTPS service. HTTPS is a protocol that provides encryption and transmission through secure ports.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>1433</p> </td> <td style="vertical-align:top"> <p>SQL Server</p> </td> <td style="vertical-align:top"> <p>The TCP port of the SQL Server. This port is used for the SQL Server to provide external services.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>1434</p> </td> <td style="vertical-align:top"> <p>SQL Server</p> </td> <td style="vertical-align:top"> <p>The UDP port of the SQL Server. This port is used to return which TCP/IP port the SQL Server uses.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>1521</p> </td> <td style="vertical-align:top"> <p>Oracle</p> </td> <td style="vertical-align:top"> <p>An Oracle communication port. 
This port needs to be enabled when Oracle SQL is deployed on the BMS instance.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>3306</p> </td> <td style="vertical-align:top"> <p>MySQL</p> </td> <td style="vertical-align:top"> <p>The port through which the MySQL database provides external services.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>3389</p> </td> <td style="vertical-align:top"> <p>Windows Server Remote Desktop Services</p> </td> <td style="vertical-align:top"> <p>Windows Server Remote Desktop Services port. This port is used to connect to a Windows instance using software.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>8080</p> </td> <td style="vertical-align:top"> <p>Proxy port</p> </td> <td style="vertical-align:top"> <p>Similar to port 80, port 8080 is used by WWW agents to browse webpages. If you use port 8080 to access a website or use a proxy server, you must add :8080 after the IP address. If you install the Apache Tomcat service, the default service port is 8080.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>137, 138, 139</p> </td> <td style="vertical-align:top"> <p>NetBIOS protocol</p> </td> <td style="vertical-align:top"> <p>Ports 137 and 138 are UDP ports used to transfer files through the network neighborhood.</p> <p>Port 139 provides access to the NetBIOS/SMB service.</p> <p>The NetBIOS protocol is often used for Windows files, printer sharing, and Samba.</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p><strong>Prerequisites</strong></p> <p>1. You have successfully created a VPC and network. For more information, see Create VPC and Create BMS Network Domain.</p> <p>2. You have successfully created a security group. For more information, see Create Security Group.</p> <p><br /> <strong>Procedure</strong></p> <p>1. 
Log in to the <a href="#https://yun.pingan.com/login/?i=%2Fconsole%2Fbms%2Foverview" target="_blank">BMS console</a>.</p> <p>2. Click <strong>Security Group</strong> in the left-side navigation pane.</p> <p>3. On the <strong>Security Group</strong> page, select a target region.</p> <p>4. Click the name of the target security group.</p> <p>5. On the <strong>Security Group Details</strong> page, click <strong>Security Group Rules &gt; Create</strong>.</p> <p>6. In the pop-up dialog box for <strong>Security Group Rules Creation</strong>, select and enter the relevant information.</p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="background-color:#ededed; vertical-align:top"> <p><strong>Configuration</strong></p> </td> <td style="background-color:#ededed; vertical-align:top"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Rule direction</p> </td> <td style="vertical-align:top"> <p>You can customize the direction of access:</p> <ul> <li>Outbound: The BMS instance in the instance list is allowed to access the authorized IP address (the outgoing direction of the network domain).</li> <li>Inbound: The authorized IP address is allowed to access the BMS instance in the instance list (the incoming direction of the network domain).</li> </ul> <p>The BMS security group rules need to be configured only when accessing ECS across VPC or BMS.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Protocol type</p> </td> <td style="vertical-align:top"> <p>Three protocol types are available: TCP, UDP, and ICMP.</p> <ul> <li>TCP: You need to fill in the port range and authorized IP address.</li> <li>UDP: You need to fill in the port range and authorized IP address.</li> <li>ICMP: You only need to fill in the authorized IP address.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top"> <p>Port range</p> </td> <td style="vertical-align:top"> <p>The port range must not contain any characters other than digits, &ldquo;,&rdquo; and &ldquo;-&rdquo;. 
The format is: 1-200, 203, 280-289.</p> <p>For example, to open ports 22 and 201-210, enter 22, 201-210 in the form.</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>Authorized IP</p> </td> <td style="vertical-align:top"> <p>The authorized IP uses the IPv4 address/subnet mask format, for example, 192.168.99.0/24.</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p><strong>Results</strong></p> <p>After the rules are created, you can view them on the <strong>Security Group Rules</strong> page.</p>
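<p>An added example, not part of the original page and not the console's own code: a Python pre-check that parses the port range and authorized IP fields in the formats described above and warns when an inbound rule opens one of the remote-administration, file-sharing or database ports from the port table to a broad source range. The function names, the SENSITIVE_PORTS selection, the min_prefix threshold and the rejection of port 0 are assumptions made for this example.</p>

```python
import ipaddress
import re

# Ports from the page's table that carry remote administration, file sharing
# or database traffic (the selection is an assumption of this example).
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 139: "NetBIOS/SMB", 1433: "SQL Server",
                   1521: "Oracle", 3306: "MySQL", 3389: "Remote Desktop"}

def parse_port_range(text):
    """Parse the port range field, e.g. '1-200, 203, 280-289', into (low, high) pairs."""
    if not re.fullmatch(r"[0-9,\- ]+", text):
        raise ValueError("port range may contain only digits, ',' and '-'")
    ranges = []
    for item in text.split(","):
        low, dash, high = item.strip().partition("-")
        if not dash:
            high = low  # single port such as '203'
        if not (low.isdigit() and high.isdigit()):
            raise ValueError(f"malformed port item: {item!r}")
        low, high = int(low), int(high)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port item out of bounds or reversed: {item!r}")
        ranges.append((low, high))
    return ranges

def review_rule(direction, protocol, ports, authorized_ip, min_prefix=16):
    """Validate one rule and return warnings for sensitive ports open to broad sources."""
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    protocol = protocol.upper()
    if protocol not in ("TCP", "UDP", "ICMP"):
        raise ValueError("protocol must be TCP, UDP or ICMP")
    if "/" not in authorized_ip:
        raise ValueError("authorized IP must be in address/mask form")
    network = ipaddress.IPv4Network(authorized_ip, strict=False)
    # ICMP rules carry no port range; only the authorized IP applies.
    ranges = [] if protocol == "ICMP" else parse_port_range(ports)
    warnings = []
    # min_prefix is a constructed policy threshold: sources wider than /16 count as broad.
    if direction == "inbound" and network.prefixlen < min_prefix:
        for port, service in SENSITIVE_PORTS.items():
            if any(low <= port <= high for low, high in ranges):
                warnings.append(f"{service} port {port} reachable from {network}")
    return warnings

if __name__ == "__main__":
    print(review_rule("inbound", "TCP", "22, 201-210", "192.168.99.0/24"))  # page's example values
    print(review_rule("inbound", "TCP", "1-4000", "0.0.0.0/0"))  # constructed broad rule
```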