Open and Close ports

Discussion in 'Installation/Configuration' started by Toucan, Mar 14, 2010.

  1. Toucan

    Toucan New Member

    I'm running ISPConfig3 on debian as per the perfect guide and today did the updrade (which went perfectly!)

    Up until now, I've had my router forwarding all ports to that one server. I appreciate this isn't very good for security and as such would like to only forward the ports necessary. I've made no custom changes to my system.

    Which ports do I need fowarded?
    8080 for the control panel
    2812 for monit
    80 for apache web server
    21 for FTP
    22 for the remote shell? (is that right?)

    Are there any others that I've not thought of?


    Also someone on my network keeps downloading torrents that I'd like to block as they are affecting the my services. I think they work on the 6000s. If i block them outbound and inbound will it have any affect on my web services?
     
  2. Fantu

    Fantu New Member

    22 standard for ssh ok
    there are also (if you use, if not not open):
    443 for https
    3306 for mysql if you have to access from remote
    25 smtp
    465 smtp ssl/tls
    110 pop3
    995 pop3 ssl
    53 dns
    143 imap
     
  3. Toucan

    Toucan New Member

    SSH and web serving went well but I had a problem connect the mail services.

    I used the following inbound table settings:

    ! Service Name Filter LAN Server IP Address LAN Users WAN Users Destination Bandwidth Profile Log
    admin Allow Always 192.168.0.1 ANY ADSL NONE Never
    ANY Allow Always 192.168.0.100 ANY ADSL NONE Never
    DNS:UDP Allow Always 192.168.0.100 ANY ADSL NONE Never
    DNS:TCP Allow Always 192.168.0.100 ANY ADSL NONE Never
    SSH:TCP Allow Always 192.168.0.100 ANY ADSL NONE Never
    SSH:UDP Allow Always 192.168.0.100 ANY ADSL NONE Never
    ISPConfig Cpanel Allow Always 192.168.0.100 ANY ADSL NONE Never
    Monit Allow Always 192.168.0.100 ANY ADSL NONE Never
    HTTP Allow Always 192.168.0.100 ANY ADSL NONE Never
    FTP Allow Always 192.168.0.100 ANY ADSL NONE Never
    HTTPS Allow Always 192.168.0.100 ANY ADSL NONE Never
    mysql Allow Always 192.168.0.100 ANY ADSL NONE Never
    SMTP Allow Always 192.168.0.100 ANY ADSL NONE Never
    smtp SSL Allow Always 192.168.0.100 ANY ADSL NONE Never
    POP3 Allow Always 192.168.0.100 ANY ADSL NONE Never
    POP3 SSL Allow Always 192.168.0.100 ANY ADSL NONE Never
    IMAP2 Allow Always 192.168.0.100 ANY ADSL NONE Never
    IMAP3 Allow Always 192.168.0.100 ANY ADSL NONE Never
    SMTP Custom Allow Always 192.168.0.100 ANY ADSL NONE Never
    POP3 Custom Allow Always 192.168.0.100 ANY ADSL NONE Never
    imap Allow Always 192.168.0.100 ANY ADSL NONE Never


    I set the imap and pop services to TCP, is that right?
     
  4. Fantu

    Fantu New Member

    yes, tcp, but the problem can also be other and not firewall
     
  5. Toucan

    Toucan New Member

    I'm not sure I follow.

    When I set all ports to foward to that 1 lan ip address all services work fine. When I close it down to the ports listed the mail service stops working.

    Where else could the problem be? The only thing I can think of is my mail services don't work on the one you listed.

    Is there a command I can run to find out what ports are being used?
     
  6. Toucan

    Toucan New Member

    Can anyone tell me how I find out what port my mail server is using so I can set up port forwarding from the router please?
     
  7. till

    till Super Moderator

  8. Toucan

    Toucan New Member

Share This Page