Here are the ports I will open on each server of my ISPConfig setup ...

WEBMaster (panel)
    22 (ssh) (bastion ssh)
    8080 (http/s) (any)
    3306 (mysql) (from other ispconfig server)
WEB
    80, 443 (http/s) (any)
    21 (ftp) (any)
    22 (ssh) (any)
DATABASE
    22 (ssh) (bastion ssh)
    3306 (mysql) (from other ispconfig server)
DNS
    22 (ssh) (bastion ssh)
    53 (dns) (any)
MAIL
    22 (ssh) (bastion ssh)
    25 (smtp) (relay host)
    587 (submission) (any)
    995 (pop3s) (any)
    993 (imaps) (any)

Am I right?
The basic ports are stated here: https://www.faqforge.com/linux/whic...g-3-server-and-shall-be-open-in-the-firewall/ That said, some ports can be changed to ones only you know if you fear someone will attack the common ports, but some simply should remain as they are.
you may want to include ports 110, 143, and 465 for mail. they may not be needed, but can you confirm 100% that any clients/client software will not need less secure mail access? i know of several customers who insist on still using ancient mail client software (really really old versions of outlook, eudora etc.), refusing to upgrade, and their software will not support the latest ssl/tls standards.

also port 8080 for the control panel: if you plan on running any other of your own (non-customer) sites on the WEBmaster server, it would still be recommended to keep the control panel on its own dedicated port.

you may also want to allow ports for ntp / whois etc, along with icmp so that ping/echo etc work. you may not want them open all the time, but they're very useful when troubleshooting.

also if you're using anything for domain registrations, eg whmcs linked to ispconfig, then depending on what domain registration authorities you use, you may need to open ports for them, eg opensrs api uses ports 55443 and 55000
thanks, but i want to know how ispconfig works in multi server ... with master, web server, database etc. tcp/udp flow ... for example, can i close mysql incoming traffic on the dns server? that supposes that the dns server pulls its config from the master server. but if the dns server receives it from the master, i must open port 3306 from the master server ...
all slave ispconfig servers will query the dbispconfig database on the master ispconfig server every minute.
TCP/UDP is mentioned in the link I posted. And yes, the mysql port must be kept open, but it does not necessarily need to be on the default port 3306, so you should be able to change it to something other than the default.
so only the master server has to be open on 3306 for incoming traffic. the other servers can close their 3306 port (for incoming traffic). is that it?
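An added example, not from any poster in this thread: the port plan from the first post, combined with the statement above that slaves query the master's database, written as a shell function that prints iptables-restore INPUT rules per server role. The addresses are constructed documentation-range placeholders, and the names `allow` and `rules_for` are hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables-restore INPUT rules per server role.
# All addresses are constructed (RFC 5737 ranges), not taken from the thread.
BASTION="192.0.2.10"                  # assumed bastion host
PEERS="198.51.100.11 198.51.100.12"   # assumed other ISPConfig servers
RELAY="192.0.2.25"                    # assumed SMTP relay host

# allow PROTO PORT [SOURCE...]: one ACCEPT per source, or any source if none
allow() {
    proto=$1; port=$2; shift 2
    if [ $# -eq 0 ]; then
        echo "-A INPUT -p $proto --dport $port -j ACCEPT"
    else
        for src in "$@"; do
            echo "-A INPUT -p $proto -s $src --dport $port -j ACCEPT"
        done
    fi
}

# rules_for ROLE: full ruleset text for master|web|database|dns|mail
rules_for() {
    case $1 in
        master|web|database|dns|mail) ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened itself (for example a slave
    # polling the master's database) match here, not a listening-port rule.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    case $1 in
        master)   allow tcp 22 "$BASTION"; allow tcp 8080
                  allow tcp 3306 $PEERS ;;   # slaves query dbispconfig here
        web)      allow tcp 80; allow tcp 443; allow tcp 21; allow tcp 22 ;;
        database) allow tcp 22 "$BASTION"; allow tcp 3306 $PEERS ;;
        dns)      allow tcp 22 "$BASTION"; allow udp 53; allow tcp 53 ;;
        mail)     allow tcp 22 "$BASTION"; allow tcp 25 "$RELAY"
                  for p in 587 993 995; do allow tcp "$p"; done ;;
    esac
    echo "COMMIT"
}
```

The output can be checked without loading it by piping it to `iptables-restore --test`.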