• Scalable File Service

sfs
  1. Help Center
  2. Scalable File Service
  3. User Guide
  4. FAQs
  5. Does the Security Group of VPC Affect SFS?

Does the Security Group of VPC Affect SFS?

A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. After a security group is created, you can create different access rules for the security group to protect the ECSs that are added to this security group. The default security group rule allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. The system creates a security group for each cloud account by default. Users can also create custom security groups by themselves.

When creating the security group, you need to add the inbound rule and outbound access rule, and enable the ports needed by the NFS protocol and DNS server of SFS to ensure that the file system can be successfully mounted. The port numbers required by the NFS protocol are 111, 2049, 2050, 2051, 2052. The port number required by the DNS server is 53.

Example Value

  • Inbound Rule

    Direction

    Protocol

    Port Range

    Source IP Address

    Description

    Inbound

    TCP&UDP

    53

    IP Address

    0.0.0.0/0

    One port corresponds to one access rule. You need to add information to the ports one by one.

  • Outbound rule

    Direction

    Protocol

    Port range

    Source IP Address

    Description

    Outbound

    TCP&UDP

    53

    IP Address

    0.0.0.0/0

    One port corresponds to one access rule. You need to add information to the ports one by one.

    NOTE:

    For port 111, 2049, 2050, 2051, and 2052, only the outbound access rule needs to be added, which is the same as the outbound rule of port 53.