What ports should be opened for Virtualmin in firewall?
This is a question people ask when configuring firewall for Virtualmin. This is really important on platforms like Amazon Web Services and Google Cloud platform because they have a built-in firewall blocking all connections. You won't be able to access Virtualmin or other services if the specific port used by those services are being blocked by firewall.
If you're configuring firewall for your Virtualmin on unmanaged VPS, EC2 Instance or Google Compute Engine, following are the ports that must be opened,
- 22 - SSH port
- 80 - HTTP web access
- 443 - HTTPS web access
- 10000 - Virtualmin port
These 4 ports are a good starting point. You can get your server and websites up and running with these ports open. However there are additional ports that other essential services on your server use. I'm listing them below. You can open them all, that's easier but insecure. Because opening a port means opening a door to hackers. These are the optional ports that some services use.
- 20 - 21 - FTP (Port 22 can be used for this purpose. Read: Uploading files with sFTP)
- 25 - SMTP (Email)
- 53 (both tcp and udp) - DNS port (for custom nameservers)
- 110 - POP3 (Email)
- 143 - IMAP (Email)
- 465 - SMTPS (Email)
- 10001 - 10009 - Webmin RPC
- 20000 - Usermin
You can optionally choose to open any of these ports on your firewall. But I usually only open 4 ports mentioned above.
This article has an error that non googlecloud users may not be aware of...
There are a list of mail ports that are permanently blocked on google cloud. You must use a "non standard email port" and a 3rd party mail relay (such as sendgrid).
Thanks for pointing it out @adamjedgar. I didn't know that. I find it surprising that they are blocking port 25.
yes it is a pain that they are blocking said ports.
I have also just created a new Azure account. I notice that even Microsoft as of November last year have done a similar thing for all new accounts.
Clearly blocking standard mail ports is going to become common place across the industry by major service providers, all clients will need to use mail relay services such as sendgrid.
I can confirm that AWS is too blocking port 25 now.
DigitalOcean and Vultr has also started to block email ports. But at least they'll enable SMTP after manually reviewing accounts.