Configuring your VPS Firewall

Managing Your VPS Firewall Through the Client Portal

This guide explains how you can manage the firewall on your Virtual Private Server (VPS) directly through your client portal. This convenient tool allows you to control the network traffic allowed to and from your server, enhancing its security.

Important Considerations:

• Default Policy: By default, your VPS has a restrictive firewall policy. All incoming connections are block, while all outgoing connections are allowed. You will need to explicitly allow traffic for any other services or applications you want to run.
• Understanding Ports and Protocols: Firewall rules are based on network ports and protocols.
  • Port: Think of a port as a virtual doorway on your server. Different services listen on different ports (e.g., web servers typically use port 80 for standard HTTP and port 443 for secure HTTPS).
  • Protocol: The protocol defines the language used for communication. The most common protocols are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
• Security Best Practices: Only open the ports you absolutely need. Grant access only to specific IP addresses or ranges if possible. Incorrectly configured firewall rules can block legitimate access to your server.

Accessing the Firewall Management Tool in your Client Portal:

1. Log in to your client portal. You can find the login link on our website or navigate to https://my.metrofilecloud.com
2. Navigate to your VPS service. This might be under "My Services," "Products & Services," or a similar section. Click on the specific VPS you want to manage.
3. Look for a "Firewall" or "Security" tab/section. Within the management options for your VPS, you should find a dedicated area for firewall management. Click on this.

Creating Firewall Rules:

The firewall management interface in your Client Portal will provide options to add new rules. Here's what you'll typically need to specify:

• Direction:
  • Inbound: Traffic coming into your VPS from the internet. You'll most often be creating inbound rules to allow access to your services.
  • Outbound: Traffic going out from your VPS to the internet. You might need to configure outbound rules in specific cases, though the default policy often allows most outbound connections.
• Action:
  • Allow: Permits traffic that matches the rule.
  • Deny: Blocks traffic that matches the rule.
• Protocol: Choose the network protocol:
  • TCP: The most common protocol for web browsing, email, and SSH.
  • UDP: Often used for gaming, streaming, and DNS.
  • ICMP: Used for network diagnostic tools like ping.
  • All: Applies to all protocols.
• Port(s): Specify the port number or range of ports:
  • Single Port: Enter a single port number (e.g., 80).
  • Port Range: Enter a range of ports separated by a hyphen (e.g., 1024-1050).
  • All: Applies to all ports (use with caution!).
• Source (Optional): You can restrict access based on the originating IP address or IP range:
  • Any: Allows traffic from any IP address on the internet.
  • Specific IP Address: Enter a single IP address (e.g., 192.168.1.10).
  • IP Range (CIDR Notation): Enter an IP range using CIDR notation (e.g., 203.0.113.0/24).
• Description (Optional): Add a brief description to help you remember the purpose of the rule (e.g., "Allow HTTP Access").

Example (Allowing HTTP access):

To allow standard web traffic to your VPS:

1. Go to the Firewall management section in your Client Portal.
2. Click "Add Rule" (or a similar button).
3. Set Direction to Inbound.
4. Set Action to Allow.
5. Set Protocol to TCP.
6. Set Port(s) to 80.
7. Leave Source as Any (unless you want to restrict access).
8. Click "Save" or "Add Rule."

Example (Allowing SSH from your home IP):

To allow secure remote access only from your home internet (assuming your home IP address is [Your Home IP Address]):

1. Go to the Firewall management section in your Client Portal.
2. Click "Add Rule" (or a similar button).
3. Set Direction to Inbound.
4. Set Action to Allow.
5. Set Protocol to TCP.
6. Set Port(s) to 22.
7. Enter your home IP address in the Source field.
8. Click "Save" or "Add Rule."

Common Ports You Might Need to Open:

• 80 (HTTP): Standard port for unencrypted web traffic.
• 443 (HTTPS): Standard port for secure, encrypted web traffic (SSL/TLS).
• 21 (FTP): Port for File Transfer Protocol (less secure, consider SFTP).
• 22 (SSH): Port for secure remote access via SSH. It's crucial to restrict access to this port to known and trusted IP addresses whenever possible.
• 25 (SMTP): Port for sending email.
• 110 (POP3): Port for receiving email (less secure).
• 143 (IMAP): Port for receiving email.
• Specific ports for applications: If you are running specific applications (e.g., a game server, a custom web application), you will need to open the ports they use. Refer to the application's documentation.

Important Reminders:

• Test Your Rules: After adding or modifying firewall rules, always test if you can still access the services you intended to open.
• Be Careful with Blocking: Incorrectly blocking essential ports can lock you out of your server.
• Review Regularly: Periodically review your firewall rules to ensure they are still necessary and secure.

By using the firewall management tool in your Client Portal, you have direct control over the security of your VPS. Take advantage of this feature to protect your server and data effectively.

Should you require any assistance or have questions around adding firewall rules please contact our support team at [email protected]