Mon, Jun 20 2005 23:19
What ports do I need?
From the mailbag today comes the question...what ports do I need?
The question was whether all of these ports need to be forwarded from a hardware firewall to the NIC of the server:
Small Business Server 2003
21: FTP (do we need port 20 for FTP data also?)
139: License logging service [Note: well, that's not exactly what this is used for; this is actually one of your file and printing ports]
443: Secure web
444: Windows sharepoint intranet site
445: License logging service
3389: Terminal services
4125: Remote web access
And the answer is...heck no. Only open up the bare minimum.
What's the minimum?
25 - ONLY if you use SMTP mail [full MX record the whole shebang]
443 - Secure web
444 - ONLY if you want Company web/sharepoint externally available
4125 - Remote Web access.
You don't need port 21 unless you plan on hosting Lindsay Lohan's latest bootleg song on your server. You don't need 80, as remote web works perfectly over SSL. You NEVER EVER want to open up port 139 on your outside router [what license logging do you need to externally publish, for heaven's sake? Remember, 137-139 are file and print sharing ports... don't open them up to the outside, folks]. You can do VPN at 1723, but remember to also open up the PPTP passthrough [GRE, protocol 47 in geek speak]. And I honestly don't feel a need to open up 3389 externally even though I have a TS member server, as my TS sessions come through the Remote Web Workplace.
You also don't have to open up port 110 externally. That's only if someone is 'POP-ping' into you. And quite frankly... that's what OWA and OMA and Outlook over HTTP are all about. Why do you want to POP when you can get email more securely? Remember, the best instructions for Outlook over HTTP are right inside the Remote Web Workplace.
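To check a router's forwarding list against the minimum set described above, here is an added example (not part of the original post) that flags every forward outside that set and notes a PPTP forward that lacks GRE passthrough. The rule syntax (`tcp 137-139`, `gre`) and the feature labels (`smtp_mail`, `external_sharepoint`, `pptp_vpn`) are assumptions made for this sketch, not a real router format.

```python
import re

# Minimum set from the post: (protocol, port) -> feature that justifies it
# (None = always needed). Feature names are labels invented for this example.
MINIMUM = {
    ("tcp", 25): "smtp_mail",
    ("tcp", 443): None,
    ("tcp", 444): "external_sharepoint",
    ("tcp", 4125): None,
    ("tcp", 1723): "pptp_vpn",
}
RULE = re.compile(r"^(?:(tcp|udp)\s+(\d+)(?:-(\d+))?|(gre))$", re.I)

def parse_rule(line):
    """Parse 'tcp 137-139', 'tcp 443' or 'gre' into (proto, low, high)."""
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    if m.group(4):
        return ("gre", 0, 0)
    low = int(m.group(2))
    high = int(m.group(3) or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return (m.group(1).lower(), low, high)

def audit(rule_lines, features):
    """Return (findings, warnings) for inbound forwarding rules."""
    findings, warnings, forwarded = [], [], set()
    for proto, low, high in map(parse_rule, rule_lines):
        if proto == "gre":
            forwarded.add("gre")
            if "pptp_vpn" not in features:
                findings.append(("gre", "close: no PPTP VPN in use"))
            continue
        for port in range(low, high + 1):  # expand ranges such as 137-139
            need = MINIMUM.get((proto, port), "absent")
            forwarded.add((proto, port))
            if need == "absent":
                findings.append((f"{proto}/{port}", "close: not in the minimum set"))
            elif need and need not in features:
                findings.append((f"{proto}/{port}", f"close: only needed for {need}"))
    if ("tcp", 1723) in forwarded and "gre" not in forwarded:
        warnings.append("tcp/1723 forwarded without GRE (protocol 47) passthrough")
    return findings, warnings

# Constructed input: the port list from the reader's question.
MAILBAG = ["tcp 21", "tcp 139", "tcp 443", "tcp 444", "tcp 445", "tcp 3389", "tcp 4125"]

if __name__ == "__main__":
    for item, verdict in audit(MAILBAG, {"external_sharepoint"})[0]:
        print(item, verdict)
```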