ports open

  ganewbie

    The perfect ISPC3 on Ubuntu 20.04:
    Why is port 20 open? Do we need it open?

    :~# ufw status numbered
    Status: active
         To                         Action      From
         --                         ------      ----
    [ 1] 20/tcp                     ALLOW IN    Anywhere
    [ 2] 21/tcp                     ALLOW IN    Anywhere
    [ 3] 22/tcp                     ALLOW IN    Anywhere
    [ 4] 25/tcp                     ALLOW IN    Anywhere
    [ 5] 53/tcp                     ALLOW IN    Anywhere
    [ 6] 80/tcp                     ALLOW IN    Anywhere
    [ 7] 110/tcp                    ALLOW IN    Anywhere
    [ 8] 143/tcp                    ALLOW IN    Anywhere
    [ 9] 443/tcp                    ALLOW IN    Anywhere
    [10] 465/tcp                    ALLOW IN    Anywhere
    [11] 587/tcp                    ALLOW IN    Anywhere
    [12] 993/tcp                    ALLOW IN    Anywhere
    [13] 995/tcp                    ALLOW IN    Anywhere
    [14] 3306/tcp                   ALLOW IN    Anywhere
    [15] 8080/tcp                   ALLOW IN    Anywhere
    [16] 8081/tcp                   ALLOW IN    Anywhere
    [17] 10000/tcp                  ALLOW IN    Anywhere
    [18] 53/udp                     ALLOW IN    Anywhere
    [19] 3306/udp                   ALLOW IN    Anywhere

    What are the best practices to secure the server in general?
    I was thinking of port knocking. Any feedback is appreciated.
  Th0m

    Port 20 is used for FTP.

    You can change the rules in the panel under System -> Firewall
  nhybgtvfr

    more specifically, port 20 is used for ftp in active mode. which is nice, since you don't have to leave a whole range of ports open for passive mode ftp, and you can block inbound connections being initiated to port 20, since it's the server that should start the connection to the client. but it's also a pain in the arse, as you'll probably spend all your time on the phone telling your clients how to open their firewall to allow the inbound connection from your server, and how to configure their ftp client to use active mode.

    also, according to your list of ports, passive mode won't work as you haven't opened a range of ports for the ftp client to connect to.

    also, unless you're allowing external clients to connect directly to mysql (best not to unless they have a really good reason), you don't need port 3306 open, unless it's a multi-server setup. even then it's best to just allow specific IPs to connect, rather than from anywhere.
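
An added example, not part of the thread: a shell function that reads `ufw status numbered` output and flags the three points raised in the replies above (inbound port 20, FTP with no port range for passive mode, MySQL open to Anywhere). The sample rules are constructed from the listing in the question; the function names are hypothetical, and treating any `low:high` rule as the passive-mode range is an assumption.

```shell
#!/usr/bin/env bash
# Added example: check `ufw status numbered` output against the thread's advice.

audit_ufw() {
  # stdin: output of `ufw status numbered`; stdout: one finding per line.
  # sed drops the "[ N]" rule index and any "(v6)" tag so awk sees
  # four fields: To, ALLOW, IN, From.
  sed -E 's/^ *\[ *[0-9]+\] *//; s/ \(v6\)//g' |
  awk '
    function report(m) { if (!seen[m]++) print m }   # print each finding once
    $2 == "ALLOW" && $3 == "IN" {
      split($1, p, "/"); port = p[1]; proto = p[2]; src = $4
      if (port ~ /:/) range = 1      # assumption: a low:high rule is the passive FTP range
      if (port == "21") ftp = 1
      if (port == "20") report("20/" proto ": inbound rule can go; in active mode the server starts the data connection")
      if (port == "3306" && src == "Anywhere") report("3306/" proto ": open to Anywhere; close it or allow specific IPs only")
    }
    END {
      if (ftp && !range) report("21/tcp: no port range opened, so passive-mode FTP will not work")
    }'
}

sample_rules() {
  # Constructed sample: a subset of the rules posted in the question.
  cat <<'EOF'
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 20/tcp                     ALLOW IN    Anywhere
[ 2] 21/tcp                     ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[14] 3306/tcp                   ALLOW IN    Anywhere
[19] 3306/udp                   ALLOW IN    Anywhere
EOF
}

sample_rules | audit_ufw
```

On a live server the input would be `ufw status numbered | audit_ufw`, run as root.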
  ahrasis
