====== The Brightbox Network ======
The are two main network segments used directly by Brightboxes, the public segment and the private segment.  Each Brightbox comes with two virtual network interfaces, each one connected to a different segment.

===== Public Segment =====
The public segment is used to carry Internet traffic, such as your web application traffic or your ssh remote access.  The IP addresses are regular Internet accessible addresses.

===== Private Segment =====
The private segment is used to carry local traffic, such as MySQL data, backups or traffic between your Brightboxes.  The IP addresses used here are non-Internet addressable (in the range ''10.1.x.x'').

===== Bandwidth Quota =====
Only traffic going across the public segment is used to calculate your bandwidth usage.  So, if you're transferring data between Brightboxes do make sure that you're using your private IP addresses.


====== Firewalls ======
All Brightboxes are located behind firewalls with only a limited set of ports open.

The following services and ports are open by default:

^ Service ^ Expected use ^
| TCP 22 | SSH remote access |
| ICMP type 8 | Ping requests |
| TCP 80 | HTTP web requests |
| TCP 443 | HTTPS ssl web requests |
| TCP 21 | FTP file transfer |
| TCP 3960 | Subversion access |
| TCP 3000 | Default Rails devleopment web service |

If you require additional ports to be opened for your Brightbox, please submit a support request with the [[docs:HelpDesk|Help Desk]]

If you want to run your own firewall (e.g using ip tables) then you can request to have all ports opened.