Saturday, January 24, 2009

IPCop and Windows SBS 2003

What ports are required to be forwarded to your Small Business Server 2003 (SBS2k3) to get maximum functionality while still retaining some semblance of security?

I trust the IPCop with some fairly important stuff, but I'm being required to provide multiple services using the same server - Mail, WebMail, and now Remote Desktops.

The most secure way to do this is via SSH Tunnel (My posts on this). Pros and amateurs alike have had success using Putty, and even more success using my super-secret Plink connection script (I'll share it eventually).

However, there is a balance between security and convenience, and I'm going to violate the "Separation of Duties" that I so desire in order to provide a quick, convenient way to dial in to the desktop computers: SBS2k3's Remote Web Workplace.

So turn it on in the SBS's Server Management -> Internet and E-Mail -> Connect to the Internet Wizard, then connect to your IPCop and forward the ports as follows (I'm assuming you also want to enable E-Mail. Webmail and some other services may also be enabled in the Connect to the Internet Wizard)

  • Port 25 (SMTP) to your internal server's IP and port 25
  • Port 443 (HTTPS) to your server's IP and port 443
  • Port 4125 (???) to the server's IP and port 4125

No comments: