Which ports must be opened and which ports must be closed in firewall and firewall must be open or close?
Thanks in advance.
Which ports must be opened and which ports must be closed in firewall and firewall must be open or close?
Thanks in advance.
Check your server.cfg for the ports that are required for the files.
and think about what services need to be available for the public and which services need to be private.
port must be opened are agent server,gateway,download and web port (80)other port example smc,shard,gs bla bla must be closed and ofc firer wall must be opened(this was a stupid question)
Sorry, but i'm not security teacher ~ btw open ports must be tcp/udp or only one of them, and the (80) port it's on IIS, if yes my web port is 7060 i must open it? please answer my questions :)Originally Posted by BadFist
Last edited by RenePunik; 06-02-15 at 01:02 PM.
yes them open 7060 but as i know port 80 cant be closed (i'm not 100% sure so if you cant close port 80 them put website on 80 and iis on other port)
Port 80 is regularly closed, if you are using and redirected through a standard modem/router.
It can be force closed by preventing or leading port 80 to another one or broadcasting it.
About ports, the ones you should open are from your agent (login), gateway (identification), download (obvious ...), and all of them only TCP! There is no reason redirecting packages outwards from your root via UDP.
Any other module's port should be blocked firewall side and if possible router vice TCP as well UDP.
Btw. why are you hosting your webserver on a different port than 80? People have to get the link with "www.mywebsite.com:7060/", so eitherway, they will figure out your port, and port 80 is a standard webport, no matter using IIS, Apache, Zend, or whatever.
but If 80 port is closed ~ they even can't connect to my website... (correct me if i'm wrong) ~ about closing the other module's port they will be tcp and udp -- i didn't understand your last wordsthat means open them on tcp only like close ones!!!?and if possible router vice TCP as well UDP.
Another question : I will use skalidor website in the future, and there is guide.txt which i found it on website's folder, but i don't know the website will require (apache and zend) together? or only one of them because the guide was written to setup it on Apache.
Last edited by RenePunik; 08-02-15 at 06:25 PM.
The "closing port 80" was just a clearification to BadFist.
Port 80 should stay open, if you are hosting a webserver, sure.
What I mean with the TCP and UDP -> you should block the IPs of the gameserver, shardserver, farmmanager, globalmanager and machinemanager on your firewall as TCP and again as UDP!
And only if it is possible - block those ports on your router, too! Not necessary, but should be more safe, people cannot access in the first line through your router.
By default in the Windows Firewall is to block any incoming connection (except for the RDP port). You should add one and ONLY one rule that allows 4 TCP ports if you're going to use the website on the same server, which are (Agent/Gateway/Downloadserver/web).
How to get them? from srNodeData.ini -> by default, they're 15884,15779, 1588, 80 respectively. And of course, Don't forget to turn your firewall ON. You will never need another port opened.
As for the IIS, you can use any random port for it, like 127.0.0.1:6200 and keep the web port (80) for the WEB, it's stupid to use a random port for web.
Thanks for you guides, still have some questions in my annoying brain.
1- firewall must be opened in my router?
2- What's meaning of TCP and UDP. (only their jobs)
3- iis's port is different from web port? (i know it's stupid question but still don't know is same or not)
4- i must allow server-files through firewall apps? (i saw it on arabianfox's thread about secure 1x gameserver)
5- how to set local connection on SQL Server 2012, i talked with friend about it ~ he said to me sql 2012 settings is setted to local connection by default. is this right?
6- Certification's port must be closed?
7- What is this ports and must be closed (1433, 3306, 445) ~ I think they are FTP ports or something like that!!
This is my srNodeData.ini file configuration: Look at MachineManager.exe's port is it wrong?
Code:[global] count=9 [entry0] node_id=697 operation_type=22 global_operation_id=0 associated_shard_id=0 node_type=335 service_type=2 certification_node_id=1 port=15880 node_icon=4 u1=144 u2=22 u3=24 u4=1 u5=248 u6=146 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=0 u16=0 u17=0 u18=0 u19=0 u20=0 [entry1] node_id=1 operation_type=0 global_operation_id=0 associated_shard_id=0 node_type=335 service_type=1 certification_node_id=0 port=32000 node_icon=5 u1=40 u2=22 u3=24 u4=1 u5=216 u6=99 u7=19 u8=1 u9=0 u10=0 u11=0 u12=0 u13=0 u14=0 u15=0 u16=0 u17=0 u18=0 u19=0 u20=0 [entry2] node_id=698 operation_type=22 global_operation_id=0 associated_shard_id=0 node_type=335 service_type=4 certification_node_id=697 port=15779 node_icon=0 u1=96 u2=23 u3=24 u4=1 u5=48 u6=148 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=0 u16=0 u17=0 u18=0 u19=0 u20=0 [entry3] node_id=699 < This is MachineManager.exe operation_type=22 global_operation_id=0 associated_shard_id=0 node_type=335 service_type=11 certification_node_id=697 port=25880 < It should be 15880? node_icon=0 u1=56 u2=26 u3=24 u4=1 u5=48 u6=148 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=0 u16=0 u17=0 u18=0 u19=0 u20=0 [entry4] node_id=700 operation_type=22 global_operation_id=0 associated_shard_id=0 node_type=335 service_type=3 certification_node_id=697 port=15881 node_icon=0 u1=248 u2=22 u3=24 u4=1 u5=96 u6=147 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=0 u16=0 u17=0 u18=0 u19=0 u20=0 [entry5] node_id=704 operation_type=22 global_operation_id=20 associated_shard_id=0 node_type=335 service_type=5 certification_node_id=697 port=15882 node_icon=0 u1=200 u2=23 u3=24 u4=1 u5=152 u6=148 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=17 u16=1 u17=0 u18=0 u19=0 u20=0 [entry6] node_id=705 operation_type=22 global_operation_id=20 associated_shard_id=64 node_type=335 service_type=7 certification_node_id=704 port=15883 node_icon=0 u1=152 u2=24 u3=24 u4=1 u5=0 u6=149 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=17 u16=1 u17=168 u18=102 u19=18 u20=1 [entry7] node_id=707 operation_type=22 global_operation_id=20 associated_shard_id=64 node_type=335 service_type=6 certification_node_id=704 port=15884 node_icon=0 u1=48 u2=24 u3=24 u4=1 u5=104 u6=149 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=17 u16=1 u17=168 u18=102 u19=18 u20=1 [entry8] node_id=713 operation_type=22 global_operation_id=20 associated_shard_id=64 node_type=335 service_type=8 certification_node_id=704 port=15885 node_icon=0 u1=0 u2=25 u3=24 u4=1 u5=160 u6=150 u7=19 u8=1 u9=64 u10=160 u11=17 u12=1 u13=0 u14=0 u15=17 u16=1 u17=168 u18=102 u19=18 u20=1
Last edited by RenePunik; 09-02-15 at 10:31 PM.
1. Firewall is on your machine, I don't know if there are routers/modems using firewalls.
2. TCP and UDP are "Request Ports".
TCP is used for - if someone makes a request to the server (hello, I am here, I want to login)
UDP is used for - if you have to give response with file transfer (hello, I am here for the download - (your server) ok, take this download (direct download, in this case FTP related bases).
3. IIS, Apache, Zend, any kind of webserver tool is using a specific port, in this case always the regular port 80, if you didn't change it at all. If you did so, you have to reconfigure your address, your tools, and whatever you are using for. But keep in mind, people need to add the port to the address, like: http://www.mywebsite.com:<PORT>/forums/ or whatever. Only ports of 80 and 443 don't have to be written into the link. Those are regular http and https certifications.
4. Depending on your firewall (if using windows, it might be useful to do so, or depending on your software e.g. kaspersky, avira, or whatever), you have to or not. Just tweak around with a friend. Ask him to try to join your server, if he can login - don't mind about configuring your firewal.
5. Don't get this question that well. What do you mean with local connection? Your server will be always a local connective instance,
6. Not that I know about, but I blocked the connection. Just for safety sake.
7. About 445, thats a regular Windows Sharing port, those folder sharing and sharing groups and such.
3306 should be the port for MySQL Connections. I am using it for my Lineage2 and Aion servers.
And for the last one, that is for MSSQL, same alike MySQL but seperated.
Edit:
The port "25880" is just fine. Leave it as it is.
Last edited by blapanda; 10-02-15 at 06:49 AM.
Since firewall was closed, FTP's guild/union emblems was working fine, but now it's white logos as hell.
EDIT : It fixed now, By allowing ftp through firewall apps, So it working without open ftp's port "21" ~ At anyway it must be opened or closed and it should tcp or udp?
Last edited by RenePunik; 11-02-15 at 03:17 PM.
Reply With Quote