Open and Close ports

I'm running ISPConfig3 on debian as per the perfect guide and today did the updrade (which went perfectly!)

Up until now, I've had my router forwarding all ports to that one server. I appreciate this isn't very good for security and as such would like to only forward the ports necessary. I've made no custom changes to my system.

Which ports do I need fowarded?
8080 for the control panel
2812 for monit
80 for apache web server
21 for FTP
22 for the remote shell? (is that right?)

Are there any others that I've not thought of?


Also someone on my network keeps downloading torrents that I'd like to block as they are affecting the my services. I think they work on the 6000s. If i block them outbound and inbound will it have any affect on my web services?

 

22 standard for ssh ok
there are also (if you use, if not not open):
443 for https
3306 for mysql if you have to access from remote
25 smtp
465 smtp ssl/tls
110 pop3
995 pop3 ssl
53 dns
143 imap

 

SSH and web serving went well but I had a problem connect the mail services.

I used the following inbound table settings:

! Service Name Filter LAN Server IP Address LAN Users WAN Users Destination Bandwidth Profile Log
admin Allow Always 192.168.0.1 ANY ADSL NONE Never
ANY Allow Always 192.168.0.100 ANY ADSL NONE Never
DNS:UDP Allow Always 192.168.0.100 ANY ADSL NONE Never
DNS:TCP Allow Always 192.168.0.100 ANY ADSL NONE Never
SSH:TCP Allow Always 192.168.0.100 ANY ADSL NONE Never
SSH:UDP Allow Always 192.168.0.100 ANY ADSL NONE Never
ISPConfig Cpanel Allow Always 192.168.0.100 ANY ADSL NONE Never
Monit Allow Always 192.168.0.100 ANY ADSL NONE Never
HTTP Allow Always 192.168.0.100 ANY ADSL NONE Never
FTP Allow Always 192.168.0.100 ANY ADSL NONE Never
HTTPS Allow Always 192.168.0.100 ANY ADSL NONE Never
mysql Allow Always 192.168.0.100 ANY ADSL NONE Never
SMTP Allow Always 192.168.0.100 ANY ADSL NONE Never
smtp SSL Allow Always 192.168.0.100 ANY ADSL NONE Never
POP3 Allow Always 192.168.0.100 ANY ADSL NONE Never
POP3 SSL Allow Always 192.168.0.100 ANY ADSL NONE Never
IMAP2 Allow Always 192.168.0.100 ANY ADSL NONE Never
IMAP3 Allow Always 192.168.0.100 ANY ADSL NONE Never
SMTP Custom Allow Always 192.168.0.100 ANY ADSL NONE Never
POP3 Custom Allow Always 192.168.0.100 ANY ADSL NONE Never
imap Allow Always 192.168.0.100 ANY ADSL NONE Never


I set the imap and pop services to TCP, is that right?

 

yes, tcp, but the problem can also be other and not firewall

 

I'm not sure I follow.

When I set all ports to foward to that 1 lan ip address all services work fine. When I close it down to the ports listed the mail service stops working.

Where else could the problem be? The only thing I can think of is my mail services don't work on the one you listed.

Is there a command I can run to find out what ports are being used?

 

Can anyone tell me how I find out what port my mail server is using so I can set up port forwarding from the router please?

 

Solved

Till,

Thanks for that, it sorted it!

Ta