]]>]]>]]>Maybe i should extract ssh port number from sshd_config and then modify the rule. Good idea?
Yes, please do so :-)
I posted a new topic here:
- iRedMail opens which network service ports
http://www.iredmail.org/forum/topic209- … ports.html
You should know which services you need to serve, what ports they need, and then customize your rule.
I do, yes. However, I am uncertain what's needed in particular like for example port 587. As I said, I use the LDAP backend with irm and thus I can only manually check (ps aux | grep <daemon_name> or netstat -tulpe) to be sure. I think a quick summary on the wiki would be best i.e. if we could just list the ports needed that would be great ... I think this question will come up a lot in the future so ...
Maybe i should extract ssh port number from sshd_config and then modify the rule. Good idea?
Yes, please do so :-)
]]>It is correct that all ports are TCP and no IRM service/daemon makes use of the UDP protocol?
Yes, no daemon uses UDP protocol.
What ports need to be open can be seen from iRedMail/samples/iptables.rules. Right now I allow incoming traffic on following TCP ports: 80,443,25,587,465,110,995,143,993,389,636,21,20. I use the LDAP backend; do I need all those ports to be open? especially 587? Did I miss some port?
You should know which services you need to serve, what ports they need, and then customize your rule.
We manage the port for sshd automatically; it's listening on a high port i.e. >1023; maybe the IRM install routing could ask users for the sshd listening port instead of assuming it's port 22? Personally I don't care because we con't use IRM iptables scripts at all but I think the user should have a choice to mabye pick a non-standard listening port
There's a note displayed while prompt to use iptables rule shipped within iredmail, it says OpenSSH port is 22.
User can replace it without restart iptables service, and then edit the port number after installation complete.
Maybe i should extract ssh port number from sshd_config and then modify the rule. Good idea?
]]>Three Questions:
0)
It is correct that all ports are TCP and no IRM service/daemon makes use of the UDP protocol?
1)
What ports need to be open can be seen from iRedMail/samples/iptables.rules. Right now I allow incoming traffic on following TCP ports: 80,443,25,587,465,110,995,143,993,389,636,21,20. I use the LDAP backend; do I need all those ports to be open? especially 587? Did I miss some port?
2)
We manage the port for sshd automatically; it's listening on a high port i.e. >1023; maybe the IRM install routing could ask users for the sshd listening port instead of assuming it's port 22? Personally I don't care because we con't use IRM iptables scripts at all but I think the user should have a choice to mabye pick a non-standard listening port http://sunoano.name/ws/public_xhtml/ssh … ening_port