I have a working DC in Amazon's Cloud center us-west1a to which I have previously joined a local server.
However, I did that by configuring the Amazon firewall (around each virtual machine) to have all ports, both TCP and UDP, open all the time.
This time, I wanted to have better security so I browsed through the Inbound rules on each machine and opened all of the listed ports on both firewalls.
Now I get part way, but not all the way. After 10 or 15 seconds of waiting, I get: "The specified server cannot perform the requested operation."
Obviously, I am missing one or more ports. But which ones?
I am puzzled by some 'port' entries such as IPHTTPS, RPC Endpoint Mapper, and RPC Dynamic Ports because I have no idea what to code in Amazon's simple firewall, which allows me to name just a port number or a range (x-y).
The categories of rules are:
Custom TCP rule
Custom UDP rule
Custom ICMP rule
All TCP
All UDP
All ICMP
SSH
SMTP
DNS
HTTP
POP3
IMAP
LDAP
HTTPS
SMTPS
IMAPS
POP3S
MY SQL
MYSQL
RDP
But this list really doesn't help me all that much.
I am also puzzled by the wide variety of programs that allow "All" inbound ports. I am guessing an outside caller wakes up one of these programs through one or more of the 'always open' ports and then the firewall magically opens all the rest of the ports because a listed program is now running. But this won't help me to configure the Amazon firewall.
Over many years I have often tried to research this problem and have found many different lists of ports to open along with a lot of information on 'dynamic ports' for which the Amazon firewall seems to make no provisions.
Does anyone have the list I need? Or, what can I do short of opening EVERYTHING! (I already have all ports open from 1024-65535. The theory being that those do not create any serious vulnerabilities.)
Jim Kay
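Added example, not part of the question above: a small Python helper that maps the symbolic Windows Firewall port labels the post mentions (RPC Endpoint Mapper, RPC Dynamic Ports, IPHTTPS) onto concrete port ranges in the "port or x-y range" form an Amazon security-group rule accepts, restricts them to a source CIDR, and flags rules a reviewer would consider too broad. It assumes the Windows default RPC dynamic range (49152-65535, which can be customised on the DC) and a hypothetical source CIDR 203.0.113.0/24.

```python
# Added example (not from the original post). Translates Windows Firewall inbound-rule
# port fields into security-group style ingress entries and audits them for breadth.
from dataclasses import dataclass
import re

# Concrete meaning of the symbolic labels shown in the Windows Firewall inbound rule list.
# Assumption: the RPC dynamic range is the Windows default; verify it on the DC itself.
SYMBOLIC_PORTS = {
    "RPC Endpoint Mapper": ("tcp", 135, 135),
    "RPC Dynamic Ports": ("tcp", 49152, 65535),  # default range, may be customised
    "IPHTTPS": ("tcp", 443, 443),
}

@dataclass(frozen=True)
class Ingress:
    protocol: str
    from_port: int
    to_port: int
    cidr: str

def parse_port_spec(spec: str, protocol: str = "tcp"):
    """Turn a rule's port field ("135", "49152-65535" or a symbolic label) into (proto, lo, hi)."""
    if spec in SYMBOLIC_PORTS:
        return SYMBOLIC_PORTS[spec]
    m = re.fullmatch(r"\s*(\d{1,5})(?:\s*-\s*(\d{1,5}))?\s*", spec)
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return (protocol, lo, hi)

def build_ingress(rules, source_cidr):
    """rules: iterable of (port_spec, protocol). Returns sorted, de-duplicated entries,
    each limited to the given source CIDR (e.g. the on-premises network's public range)."""
    entries = {Ingress(*parse_port_spec(spec, proto), source_cidr) for spec, proto in rules}
    return sorted(entries, key=lambda e: (e.protocol, e.from_port, e.to_port))

def overly_broad(entries):
    """Entries a reviewer would reject: open to any source, or spanning the whole
    1024-65535 range (the blanket opening described in the post) for any source."""
    return [e for e in entries
            if e.cidr == "0.0.0.0/0" or (e.from_port <= 1024 and e.to_port == 65535)]

if __name__ == "__main__":
    # Constructed sample: the rules a domain-join might list, from a hypothetical site CIDR.
    sample = [("RPC Endpoint Mapper", "tcp"), ("RPC Dynamic Ports", "tcp"),
              ("135", "tcp"), ("389", "udp"), ("IPHTTPS", "tcp")]
    for e in build_ingress(sample, "203.0.113.0/24"):
        print(f"{e.protocol} {e.from_port}-{e.to_port} from {e.cidr}")
```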