What ports do I need to Forward from my Router to Server when finishing up the default instalation of Virtualmin, Webmin and Usermin?
Some of the ports below might be needed for some modules, but my idea is to know which ones need to be opened and forwarded for a DEFAULT instalation of the 3 above softwares.
Right now I have the following ports opened and forwarded:
DNS - 53 (udp)
FINGER - 79 (tcp)
FTP - 20 and 21 (tcp)
POP3 - 110 (tcp)
SMTP - 25 (tcp)
SNMP - 161 (udp)
TFTP - 69 (udp)
HTTP - 80 (tcp)
SSH - 22 (tcp)
virtualmin - 10000 (tcp)
usermin - 20000 (tcp)
Some questions about this, Telnet is needed? I’m currently accessing my server remotelly and locally via SSH.
Thank in advance.
If you run a “netstat -an | grep LISTEN”, you can see a list of ports that are listening on your server.
Typically, you’d need these TCP ports:
FTP/21, SSH/22, SMTP/25, www/80, www/443, POP3/110, IMAP/143, Webmin/10000, and Usermin/20000.
And then, you’d also want DNS on port 53 UDP as well.
You wouldn’t need things like telnet, finger, tftp, and snmp.
Also be aware that for FTP you additionally need to forward a number of ports for “passive mode data connection”. I usually use ports 10021-10029 for that. In the ProFTPD module of Webmin you then need to enter that range in Virtual Servers/Default Server -> Networking Options -> PASV port range.
Also important: You’re talking about “forwarding ports”. Does that mean your router is doing NAT for your server? If so, that means if your server does not have a public IP address, and the router does actual NAT forwarding, you will need to enter the public IP in ProFTPD config in “Masquerade as address”. That’s because FTP negotiates the IP address for data connections within the control connection.
EDIT: Post deleted, found the option I was looking for (“Masquerade as address”) after making the post.
Hi again, thanks for your help.
So I followed your instructions and right now my router is forwarding the following ports (see the attached file please)
NOTE: I changed the default ssh port to 27, and i will change the default webmin and usermin ports for extra security.
My current configuration is this
Modem connected to a Router
Router assigning local dynamic ip’s to some computers on my home via NAT
Router assigning my server a static local IP 192.168.1.105 based on his MAC address
Using Dyndns service to have xxxx.dyndns-ip.com poitning to my Dynamic IP
So based on this i don’t need to do changes on my ftp services right? Everything should work as expected.
I’m currently doing some tests and i will post the results in the next couple of days, still working on security and tests.
Thanks again for your help
Actually, yes, you do need to make changes, namely those I outlined in my previous post.
If you only forward port 21 and do nothing else, the FTP client will be able to connect and send commands, but will not be able to transfer any data, including directory listings. Except you use only Active Mode, which will not work though if the client is behind a router/firewall.
If you configure your router and ProFTPD as I outlined before, you should be fine.
Hi, with my settings i’m able to browse the virtual servers ftp’s addresses with no problem and also download and upload problem.
This is by using the default option in filezilla for active or passive mode (the default is active, not 100% sure about this)
I’m going to give it a few more tests later to see if i can use the passive mode as well, if not i might need to adjust according to your recommendations.
Yup, do that. If active mode works, then you don’t need to make changes, since in that mode the server will initiate the data connection towards the client, which is generally no problem through the router. In passive mode, the client connects to the server for data, so the proper ports need to be forwarded.