How Can I Configure Ports for a Bastion Host?
To use a bastion host properly, configure the ports in the security groups of the bastion host instance and of its managed resources as listed in Table 1.
Scenario Description | Direction | Protocol/Application | Port |
---|---|---|---|
Accessing a bastion host through a web browser (HTTP and HTTPS) | Inbound | TCP | 80, 443, and 8080 |
Accessing a bastion host through Microsoft Terminal Services Client (MSTSC) | Inbound | TCP | 53389 |
Accessing a bastion host through an SSH client | Inbound | TCP | 2222 |
Accessing a bastion host through FTP clients | Inbound | TCP | 20~21 |
Remotely accessing Linux ECSs through a bastion host using SSH clients | Outbound | TCP | 22 |
Remotely accessing Windows ECSs through a bastion host over RDP | Outbound | TCP | 3389 |
Accessing Oracle databases through a bastion host | Inbound | TCP | 1521 |
Accessing Oracle databases through a bastion host | Outbound | TCP | 1521 |
Accessing MySQL databases through a bastion host | Inbound | TCP | 33306 |
Accessing MySQL databases through a bastion host | Outbound | TCP | 3306 |
Accessing SQL Server databases through a bastion host | Inbound | TCP | 1433 |
Accessing SQL Server databases through a bastion host | Outbound | TCP | 1433 |
Accessing DB databases through a bastion host | Inbound | TCP | 50000 |
Accessing DB databases through a bastion host | Outbound | TCP | 50000 |
Accessing GaussDB databases through a bastion host | Inbound | TCP | 18000 |
Accessing GaussDB databases through a bastion host | Outbound | TCP | 18000 |
License servers | Outbound | TCP | 9443 |
Cloud services | Outbound | TCP | 443 |
Accessing a bastion host system through the SSH client in the same security group | Outbound | TCP | 2222 |
SMS service | Outbound | TCP | 10743 and 443 |
Domain name resolution service | Outbound | UDP | 53 |
Accessing PGSQL databases through a bastion host | Inbound | TCP | 15432 |
Accessing PGSQL databases through a bastion host | Outbound | TCP | 5432 |
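
The following is an added example, not part of the original documentation or of any vendor tooling: a small audit that compares a security group's rules with the Table 1 rows for the scenarios actually in use, reporting ports that are missing and ports that are open without a matching scenario. The scenario labels, the `(direction, protocol, ports)` rule tuples and the sample rule set are assumptions made for the illustration; only some rows of Table 1 are transcribed.

```python
# Added example: audit a bastion host security group against Table 1.
# TABLE1 transcribes selected rows of the table; the scenario keys are hypothetical labels.
TABLE1 = {
    "web":         [("in", "tcp", "80"), ("in", "tcp", "443"), ("in", "tcp", "8080")],
    "mstsc":       [("in", "tcp", "53389")],
    "ssh-client":  [("in", "tcp", "2222")],
    "ftp":         [("in", "tcp", "20-21")],
    "linux-ecs":   [("out", "tcp", "22")],
    "windows-ecs": [("out", "tcp", "3389")],
    "mysql":       [("in", "tcp", "33306"), ("out", "tcp", "3306")],
    "pgsql":       [("in", "tcp", "15432"), ("out", "tcp", "5432")],
    "dns":         [("out", "udp", "53")],
    "license":     [("out", "tcp", "9443")],
}

def expand(direction, proto, ports):
    """Expand one rule into (direction, proto, port) tuples; ports is 'N' or 'N-M'."""
    lo, _, hi = ports.partition("-")
    return {(direction, proto, p) for p in range(int(lo), int(hi or lo) + 1)}

def audit(scenarios, rules):
    """Return (missing, extra): ports Table 1 requires that the group lacks,
    and ports the group opens that no selected scenario needs."""
    required = set()
    for name in scenarios:
        for rule in TABLE1[name]:
            required |= expand(*rule)
    actual = set()
    for rule in rules:
        actual |= expand(*rule)
    return sorted(required - actual), sorted(actual - required)

# Constructed sample rule set (not taken from a real security group).
SAMPLE_RULES = [
    ("in", "tcp", "443"), ("in", "tcp", "2222"),
    ("in", "tcp", "3306"),   # native MySQL port opened inbound instead of 33306
    ("in", "tcp", "20-22"),  # range wider than any selected scenario needs
    ("out", "tcp", "22"), ("out", "tcp", "3306"), ("out", "udp", "53"),
]
SELECTED = ["web", "ssh-client", "linux-ecs", "mysql", "dns"]

if __name__ == "__main__":
    missing, extra = audit(SELECTED, SAMPLE_RULES)
    for d, proto, port in missing:
        print(f"MISSING {d:3} {proto}/{port}")
    for d, proto, port in extra:
        print(f"EXTRA   {d:3} {proto}/{port}")
```

The sample highlights a detail of Table 1 that is easy to miss: for MySQL, PGSQL, RDP and SSH the inbound port on the bastion host differs from the outbound port used toward the managed resource.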