
Thread: Firewall the internet

  1. #1
    meesterfox is offline Junior Member
    Join Date
    Dec 2006
    Posts
    9
    Rep Power
    8

    Default Firewall the internet

    Dear people,

    I'm new here.

    That said, I just installed Zimbra on a server hosted with serverpronto.com. I had spent 3 days trying to get ISPconfig working and just gave up. Zimbra works great and I'm actually a little uneasy about how easy it was.

    Anyway, so this is sitting on the internet. Two IPs, both public facing. (One is the ns1 for DNS, and the other is the ns2. Not ideal, but it's a start.)

    I'd like to put a firewall up (currently running without one, eek!) but not sure what ports to worry about, or what some might recommend for a firewall, and so forth. Want to lock it down, but not sure how to go about it.

    Aside from Zimbra, I've got webmin and use this server to also handle DNS.


    I've done some searches but nothing turned up that was helpful.

    sysinfo: FC5, 512MB RAM, 40GB HD, 2 WAN IPs, new mint flavor.

  2. #2
    martinfst is offline Intermediate Member
    Join Date
    Nov 2006
    Location
    Hilversum, The Netherlands
    Posts
    23
    Rep Power
    8

    Default netstat

    You can use 'netstat -l' or 'netstat -ln' to find on which ports processes are listening. You should keep those ports open.

    For firewalls on Linux there's iptables, which can be configured manually or with the help of different tools like Shorewall, Arno's Firewall, etc. Search for Linux firewall and you'll find plenty of examples.

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    The ports that Zimbra uses are listed here on the wiki: Ports. It really depends on what you want to access from the outside world. As far as Zimbra is concerned, you'll need port 25 open and something that will allow you to get your email, so probably 993 for IMAPS and/or 443 for the https web client (you'll need to change Zimbra to use SSL).
    Last edited by phoenix; 12-07-2006 at 06:14 AM.
    Regards


    Bill



  4. #4
    meesterfox is offline Junior Member
    Join Date
    Dec 2006
    Posts
    9
    Rep Power
    8

    Default

    Ah! Perfect. I didn't come across that port list in my searches.

    When you say change Zimbra to use SSL, doesn't it use SSL for administration? Or are you referring to using it for accessing the mail?

    And martin, I'm aware of Linux and firewalls, but this is my first time dealing with a server on the internet that I don't have physical access to or anything, so I'm being cautious as I'd hate to firewall myself out. Knowing me, I'd probably end up doing that! So, I didn't know if anyone had any preference such as Shorewall versus iptables or anything like that, or if they know of a good web front end to one (aside from webmin). I'm just trying to get some input before I start chopping away in an attempt to secure my box.

  5. #5
    martinfst is offline Intermediate Member
    Join Date
    Nov 2006
    Location
    Hilversum, The Netherlands
    Posts
    23
    Rep Power
    8

    Default Shorewall / firewalls

    Locking yourself out is something that has to happen to everyone once, I guess.

    FYI: I'm setting up a new box with Zimbra in a VM including Shorewall myself currently, but still working on a "perfect" iptables setup. And it's not my top priority right now, so don't ask for an example right now.
    I'm testing the Shorewall rules 1st on a local dev box before running them on a production box in the datacenter.

  6. #6
    meesterfox is offline Junior Member
    Join Date
    Dec 2006
    Posts
    9
    Rep Power
    8

    Default

    Well, if I DO lock myself out, I have no idea how I'll get back in. Which.... would be bad. I've MAINLY done work behind NAT routers and set up port forwarding and everything that way.

    Looking at the list of ports that Zimbra uses, which ones actually need to be open? For example: LMTP? Or MySQL? Since they're local, wouldn't I be ok to block them? LDAP as well...

    Obviously POP, IMAP, http/https need to be open, but I'm just not sure ALL those ports need to be open to either IP address.

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

    Default

    Quote: Originally posted by meesterfox

        Ah! Perfect. I didn't come across that port list in my searches.

        When you say change Zimbra to use SSL, doesn't it use SSL for administration? Or are you referring to using it for accessing the mail?

    Yes, it uses SSL for admin, but by default it only uses http for mail; you need to change it for getting webmail via https. The only ports you need open for Zimbra are the ones I've mentioned above.
    Regards


    Bill



  8. #8
    meesterfox is offline Junior Member
    Join Date
    Dec 2006
    Posts
    9
    Rep Power
    8

    Default

    Ok, to clarify, that would mean port 25 and port 993 for IMAPS are the only ports in my firewall I would need to open? (Assuming I use IMAPS to access my mail.)

  9. #9
    martinfst is offline Intermediate Member
    Join Date
    Nov 2006
    Location
    Hilversum, The Netherlands
    Posts
    23
    Rep Power
    8

    Default ssh

    That's for Zimbra (test, test, test ...)
    And don't forget 22 for ssh ....

  10. #10
    meesterfox is offline Junior Member
    Join Date
    Dec 2006
    Posts
    9
    Rep Power
    8

    Default

    Pssh, who needs SSH? I use telnet for everything!

    Ok, thanks. Looks like it'll be fewer ports I need to have open than I thought.
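
The approach discussed in the thread, as an added example that is not from any of the posters: compare what `netstat` shows listening on public addresses with the short allow list the thread arrives at (22, 25, 443, 993), then emit a default-drop ruleset in `iptables-restore` format. The netstat sample is constructed; its listeners on 389, 7025 and 7306 stand in for the LDAP, LMTP and MySQL services asked about in post #6, and port 53 is an assumption added for the DNS role mentioned in the first post.

```shell
#!/bin/sh
# Added example: constructed sample of `netstat -ltn` output, not from the thread's server.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:993      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:389      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:7306   0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:7025     0.0.0.0:*        LISTEN'

# Ports named in the thread (22, 25, 443, 993); 53 is an assumption for the DNS role.
ALLOW_TCP="22 25 53 443 993"
ALLOW_UDP="53"

# stdin: netstat output. stdout: TCP ports listening on a non-loopback address.
exposed_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4; sub(/:[0-9]+$/, "", addr)      # strip ":port"
        port = $4; sub(/^.*:/, "", port)          # keep the port only
        if (addr != "127.0.0.1" && addr != "::1") print port
    }' | sort -n -u
}

# stdin: netstat output. stdout: exposed ports the ruleset below will stop answering.
blocked_listeners() {
    for p in $(exposed_ports); do
        case " $ALLOW_TCP " in
            *" $p "*) ;;
            *) printf '%s ' "$p" ;;
        esac
    done
}

# Emit iptables-restore input. The table is committed as one unit, so the DROP
# policy never takes effect without the ssh and ESTABLISHED rules beside it.
make_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $ALLOW_TCP; do printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"; done
    for p in $ALLOW_UDP; do printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"; done
    echo 'COMMIT'
}

printf '%s\n' "$SAMPLE_NETSTAT" | blocked_listeners; echo
make_ruleset
```

Pipe real `netstat -ltn` output into `blocked_listeners` in place of the sample to see which public listeners the policy will cut off. A saved ruleset can be parsed without being committed using `iptables-restore --test`.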
