I have a question regarding VM port.
Say I have a Virtual Machine and a Host Machine. The open ports on the Host are 80, 22, 443 only. If I opened ports 80, 22, 443 on the VM, it should be working. However, if I opened port 21 on the VM, will it work? If it works, does it mean the port 21 on the Host is opened also?
My understanding is that the network traffic goes from VM's virtual network adapter to Host's physical network adapter. So the ports on these 2 network adapters should match. Am I correct to say this?
In general, opening ports on a virtual machine will not cause them to be opened on the host, network firewall, or anywhere else. However, it depends on the virtual host's networking setup. If the traffic is NATted by the host, its firewall may filter it. If the interface is bridged (virtual machines appear to be actual hosts on the network), it is unlikely that the host's firewall will filter it. If you are using host-only networking, opening any port on the VM will have no effect on the outside world except that the host (and possibly other VMs on that host) will be able to connect to the VM on that port.
When the VM is configured to share the network adapter, the host and the guest have different IP addresses on the local network, which can be used to distinguish between a connection to port 80 on the host and port 80 on the guest.
In most type 1 hypervisors the networking stack of the hypervisor is what operates the physical NIC. In that case the hypervisor OS simply puts whatever packets end up on the virtual NIC onto the physical NIC (likewise, in reverse, putting packets from the pNIC on the appropriate vNIC). While it is possible to include virtual firewalls in the mix, changing settings on the management OS itself will not affect traffic on any guests.
In type 2 hypervisors a similar process is followed, although in that case (as there is an OS hosting the hypervisor), it is possible to route traffic through the host OS networking stack, which would allow firewall settings to apply to inbound and outbound traffic.
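For the NAT case described in the answers, a guest port is reachable from outside only where the host forwards one of its own ports to it. The following is an added example, not part of the original thread: it parses constructed `iptables-save -t nat` output to list which host ports lead to a given guest port, assuming a Linux host that uses iptables DNAT rules over IPv4; the addresses, sample rules and function names are illustrative assumptions.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output on a Linux host with
# NAT-mode guests at 192.168.122.10 and .11 (addresses and rules are made up).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.122.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.11
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""

def dnat_forwards(ruleset):
    """Return (proto, host_port, guest_ip, guest_port) for each DNAT rule."""
    forwards = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if "DNAT" not in tokens or "--to-destination" not in tokens:
            continue
        opts = {}
        for flag in ("-p", "--dport", "--to-destination"):
            if flag in tokens:
                opts[flag] = tokens[tokens.index(flag) + 1]
        dport = opts.get("--dport", "")
        ip, _, port = opts["--to-destination"].partition(":")
        if not dport.isdigit() or (port and not port.isdigit()):
            continue  # port ranges and port-less rules are out of scope here
        host_port = int(dport)
        # Without an explicit target port, DNAT keeps the original port.
        guest_port = int(port) if port else host_port
        forwards.append((opts.get("-p", "all"), host_port, ip, guest_port))
    return forwards

def host_ports_reaching(ruleset, guest_ip, guest_port):
    """Host ports forwarded to guest_ip:guest_port (empty list = no forward)."""
    return [h for _, h, ip, g in dnat_forwards(ruleset)
            if ip == guest_ip and g == guest_port]

if __name__ == "__main__":
    for port in (80, 22, 21):
        via = host_ports_reaching(SAMPLE_RULES, "192.168.122.10", port)
        print(f"guest port {port}:", f"host port(s) {via}" if via else "no forward")
```

With these sample rules, a service listening on port 21 inside the guest has no matching forward on the host. The script reads only the nat table; a forward it reports can still be dropped by the host's filter rules.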