
What ports should be opened for Virtualmin in firewall?

Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

This is a question people ask when configuring a firewall for Virtualmin. This is really important on platforms like Amazon Web Services and Google Cloud Platform because they have a built-in firewall blocking all connections. You won't be able to access Virtualmin or other services if the specific ports used by those services are being blocked by the firewall.

If you're configuring a firewall for your Virtualmin on an unmanaged VPS, EC2 instance or Google Compute Engine, the following are the ports that must be opened:

  • 22 - SSH port
  • 80 - HTTP web access
  • 443 - HTTPS web access
  • 10000 - Virtualmin port

These 4 ports are a good starting point. You can get your server and websites up and running with these ports open. However, there are additional ports that other essential services on your server use. I'm listing them below. You can open them all; that's easier but insecure, because opening a port means opening a door to hackers. These are the optional ports that some services use.

  • 20 - 21 - FTP (Port 22 can be used for this purpose. Read: Uploading files with sFTP)
  • 25 - SMTP (Email)
  • 53 (both tcp and udp) - DNS port (for custom nameservers)
  • 110 - POP3 (Email)
  • 143 - IMAP (Email)
  • 993 - IMAPS (Email)
  • 465 - SMTPS (Email)
  • 10001 - 10009 - Webmin RPC
  • 20000 - Usermin

You can optionally choose to open any of these ports on your firewall. But I usually only open the 4 ports mentioned above.


   
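An added example, not part of the original post and not Virtualmin's own tooling: a small audit that parses `ss -tuln` output and reports listeners on non-loopback addresses that fall outside the port groups you chose to open. The group names, the TCP-only assumption for every port except 53, and the sample output are constructed for illustration.

```python
# Added example. Port groups come from the post; TCP is assumed except for 53.
BASE = [(22, 22, "tcp"), (80, 80, "tcp"), (443, 443, "tcp"), (10000, 10000, "tcp")]
OPTIONAL = {  # group names are hypothetical labels, not Virtualmin settings
    "ftp": [(20, 21, "tcp")],
    "mail": [(p, p, "tcp") for p in (25, 110, 143, 465, 993)],
    "dns": [(53, 53, "tcp"), (53, 53, "udp")],
    "webmin_rpc": [(10001, 10009, "tcp")],
    "usermin": [(20000, 20000, "tcp")],
}

# Constructed sample of `ss -tuln` output (not captured from a real server).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
tcp   LISTEN 0      511    [::]:443           [::]:*
tcp   LISTEN 0      128    *:10000            *:*
tcp   LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:20000      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, local_addr, port) for each tcp/udp row; skips the header."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")  # handles [::]:80 and *:10000
        if port.isdigit():
            yield fields[0], addr, int(port)

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("::1", "[::1]")

def audit(ss_output, enabled=()):
    """Return sorted (proto, port) listeners not covered by BASE + enabled groups."""
    rules = list(BASE)
    for group in enabled:
        rules += OPTIONAL[group]
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # not reachable from outside, firewall rule irrelevant
        if not any(lo <= port <= hi and proto == p for lo, hi, p in rules):
            findings.add((proto, port))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port in audit(SAMPLE, enabled=["mail"]):
        print(f"listening but not in allow-list: {port}/{proto}")
```

Each reported listener is either a service to stop or a port group to open deliberately, rather than a reason to open everything.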
(@Anonymous 632)
New Member
Joined: 6 years ago
Posts: 2
 

This article has an error that non-Google Cloud users may not be aware of...

There is a list of mail ports that are permanently blocked on Google Cloud. You must use a "non standard email port" and a third-party mail relay (such as SendGrid).

https://cloud.google.com/compute/docs/tutorials/sending-mail/

Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

Thanks for pointing it out @adamjedgar. I didn't know that. I find it surprising that they are blocking port 25. 


   
(@Anonymous 632)
New Member
Joined: 6 years ago
Posts: 2
 

Yes, it is a pain that they are blocking said ports.

I have also just created a new Azure account. I notice that even Microsoft, as of November last year, has done a similar thing for all new accounts.

Clearly blocking standard mail ports is going to become commonplace across the industry by major service providers; all clients will need to use mail relay services such as SendGrid.


   
Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

I can confirm that AWS is also blocking port 25 now.


   
Tharindu
(@tharindu)
Reputable Member Admin
Joined: 10 years ago
Posts: 307
Topic starter  

DigitalOcean and Vultr have also started to block email ports. But at least they'll enable SMTP after manually reviewing accounts.


   