If you know the commonly used ports of ECS instances, you can add and modify security group rules more accurately. This topic describes commonly used ports of ECS instances and the typical applications of these ports.
Commonly used ports
|21||FTP||A port opened to the FTP service. The port is used to upload and download files.|
|22||SSH||SSH port, which is used to connect to a Linux instance by using a password in the command line mode.|
|23||Telnet||Telnet port, which is used to telnet to the ECS instance.|
|25||SMTP||A port opened to the SMTP service. The port is used to send emails.
For security purposes, ECS instances are disabled to access port 25. If you want to enable ECS instances to access this port, see Apply to enable TCP port 25.
|80||HTTP||This port provides access to HTTP services, such as IIS, Apache, and Nginx.
For more information, see Verify if TCP port 80 works properly.
|110||POP3||This port is used for the POP3 protocol to send and receive emails.|
|143||IMAP||This port is used for the IMAP protocol to receive emails.|
|443||HTTPS||This port is used to provide access to the HTTPS service. HTTPS is a protocol that provides encryption and transmission through secure ports.|
|1433||SQL Server||The TCP port of the SQL Server. This port is used for the SQL Server to provide external services.|
|1434||SQL Server||The UDP port of the SQL Server. This port is used to return which TCP/IP port the SQL Server uses.|
|1521||Oracle||An Oracle communication port. This port needs to be enabled when Oracle SQL is deployed on the ECS instance.|
|3306||MySQL||The port through which the MySQL database provides external services.|
|3389||Windows Server Remote Desktop Services||This port is used to connect to a Windows instance.|
|8080||Proxy port||Similar to port 80, port 8080 is used by WWW agents to browse webpages. If you use port 8080 to access a website or use a proxy server, you must add
|137, 138, and 139||NetBIOS protocol||
Typical applications of commonly used ports
|Scenario||Network type||NIC||Rule direction||Authorization policy||Protocol type||Port range||Authorization type||Authorization object||Priority|
|Remote access to Linux instances through SSH||VPC||Configuration is not required.||Inbound||Allow||SSH (22)||22/22||Address field access||0.0.0.0/0||1|
|Remote access to Windows instances through RDP||VPC||Configuration is not required.||Inbound||Allow||RDP (3389)||3389/3389||Address field access||0.0.0.0/0||1|
|Ping ECS instances through the Internet||VPC||Configuration is not required.||Inbound||Allow||ICMP||-1/-1||Address field access or security group access||Set this parameter according to the authorization type.||1|
|Use an ECS instance as a Web server.||VPC||Configuration is not required.||Inbound||Allow||HTTP (80)||80/80||Address field access||0.0.0.0/0||1|
|Upload or download files through FTP.||VPC||Configuration is not required.||Inbound||Allow||Custom TCP||20/21||Address field access||0.0.0.0/0||1|
- Some operators consider ports 135, 139, 444, 445, 5800, and 5900 as high-risk ports and block these ports by default. Therefore, even if the ports are enabled for ECS instances, the ports cannot be accessed in some regions. We recommend that you use non-high-risk ports to meet your specific service needs.
- For more information about Windows instance service ports, see Service overview and network port requirements for Windows.