How secure is a connection between two Digital Ocean servers? Would network traffic be accessible to any other servers?
The private network is not open to the world, but it IS open to every droplet in the region… which is a huge number of droplets. So, you do need to implement security. You can use iptables and a VPN. There are tutorials already written here to do just that.
If you’re using Ubuntu, a simpler alternative to (and overlay on top of) iptables is ufw. You should assume the worst and prepare for it, regardless of the access method. Using ufw you can set up a deny all rule first, then set up your allow rules individually.
The deny all should be set first as, IIRC, the rules are followed in the order they are set so, for instance, allowing Port 22, then setting up a deny all rule will still allow access on Port 22 since the allow rule was set first.
On Ubuntu you can use something such as:
ufw disable
ufw default deny \
&& ufw allow 22/tcp \
&& ufw allow 80/tcp \
&& ufw allow 443/tcp \
&& ufw allow 53/tcp \
&& ufw allow 53/udp \
&& ufw enable
And then type in y and hit enter/return.
What The Commands Do
ufw, if enabled.ufw
Port 53 (DNS) is set up to allow connections on both TCP and UDP because, without these rules in place, you may run into issues using apt-get update | upgrade | install since connections to and from may not be able to resolve properly.
The others simply allow connections through so that you can connect to SSH and receive incoming requests via the standard HTTP/HTTPS ports.
You can add additional rules by simply changing the port number and choosing a protocol, like so:
#+ ufw allow #/protocol
ufw allow 8899/tcp
Most connections are going to be over TCP unless there’s something that explicitly requires that UDP be allowed. That should be stated, otherwise it’s safe to say that TCP should be used as the protocol.
The benefit here is that by using ufw you’re covering your IPv4, IPv6 and Private Network IPs with one solution.
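An added example, not part of the answers above: since the private network is reachable by every droplet in the region, a service meant only for a second server can be scoped to that peer's private address instead of being opened with a plain port rule. The interface name eth1, port 5432 and the 10.132.0.x addresses are constructed sample values, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: admit only named peer droplets on the private interface.
# Assumed sample values: interface eth1, port 5432, the 10.132.0.x peers.
# Prints the ufw commands by default; run with APPLY=1 (as root) to apply.

PRIVATE_IF="${PRIVATE_IF:-eth1}"

# Run the command when APPLY=1, otherwise print it for review.
emit() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Succeeds only for a dotted-quad IPv4 address in an RFC 1918 range.
is_private_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1          # split on dots; input holds only digits and dots
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# Usage: peer_rules PORT PROTO PEER_IP...
# Validates every argument first so a bad entry never leaves a half-applied set.
peer_rules() {
    [ $# -ge 3 ] || return 2
    _port=$1 _proto=$2
    shift 2
    case "$_port" in ""|*[!0-9]*) return 2 ;; esac
    [ ${#_port} -le 5 ] && [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ] || return 2
    case "$_proto" in tcp|udp) ;; *) return 2 ;; esac
    for _ip in "$@"; do
        is_private_ipv4 "$_ip" || { echo "not a private address: $_ip" >&2; return 3; }
    done
    for _ip in "$@"; do
        emit ufw allow in on "$PRIVATE_IF" from "$_ip" to any port "$_port" proto "$_proto"
    done
}

peer_rules 5432 tcp 10.132.0.5 10.132.0.6
```

Review the printed commands, then rerun with APPLY=1 once the interface name and peer addresses match your droplets.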