RESET Forums (homeservershow.com)
Network Setup - What port to use for the Router? Maybe port 8080?

doliveira
Hi,

I’m setting up my small office network and on my server I will use “Windows Server 2012 R2 Essentials”, and I want to enable and use the built-in “Anywhere Access” and “VPN” features to have remote access to my server from outside.

Regarding this, my router uses port 80 as the factory default to access the admin interface.

But I think I should change this so that my router is not visible from the outside world, and also so it does not conflict with any of the Windows Server services, correct? It’s a best practice to do this, correct?

If yes, I really don’t know which port I should use. I’m thinking of using port 8080, so the router access from inside my network will become: http://192.168.0.1:8080.

So can anyone please share your advice on which port I should use for my router admin interface access?

It must be a port that can only be accessed from my internal network, and it must be a port not used by common services, in order not to create conflicts.

Thanks

Andne

The router can still be accessed from port 80, as long as it's only providing that access on the LAN interface. Some routers do like to provide access to their admin interface through the WAN interface, which is probably not what you want. Ports don't distinguish between internal and external access, the interface the port is available on does, but every interface can support all port numbers. So, ideally your configuration should probably look something like this. How exactly to create this configuration depends on the hardware/software you're using.

Router WAN interface:

port 80 -> forward to WS2012R2E server IP address

port 443 -> forward to WS2012R2E server IP address

All other ports blocked (should be default behavior without a forwarding rule)

Router LAN interface:

port 80 -> used for admin web interface

Other notes/suggestions:

Set the WS2012R2E server to either a static IP address outside the DHCP range or have the router statically allocate an IP address to its MAC address. I prefer the first one.

Don't rely on WS2012R2E autoconfiguring the router (uses UPnP), manually forward ports 80 and 443 in the router web interface.

Internal access to the WS2012R2E web site can be a bit tricky, it's easiest if the router supports redirecting internal traffic to the WAN interface back to the LAN (sometimes it's an option somewhere).

doliveira

Hi @Andne,

Thanks for all your advice. I have it all set up as you said. But if I leave my router on port 80 I will have access to it from outside my internal LAN. So outside my office the router admin page will be available.

So I really need to change my router port to an unused port so I can access it only from my internal LAN.

Any advice on recommended ports?

Thanks

jmwills

The Admin page will not be available from the outside unless you make it available. There is usually an option to enable or disable this function.

doliveira

Ok... but let's not discuss that anymore. In my case I want to change the default router admin port.

So can anyone advise me on an unused port that I can use without problems?

Thanks

Andne

Just changing the port number will not block outside access to your router. There should be another option somewhere to enable/disable external/remote access to the router admin interface (the exact naming varies by router). I did a little digging, looks like it's located in Maintenance->Setup->Remote Management on your router. As long as the 'List of Subnet' is either empty or only contains the internal network IP addresses (not sure which is correct, empty may block all access), the router will not be accessible externally.

As far as using a different port goes, most ports will work, only a few of them have specific functions and most of those are below 1024. 8080 and 8088 are probably the two most commonly used alternate ports for web sites. Picking an appropriate port does require some knowledge of everything else that is in use on the router, but it's very unlikely anything else would be on either one of those ports. Generally, ports below 1024 have standard assignments for their function (80 is HTTP, 443 is HTTPS, 22 is SSH, etc.) and ports above 1024 are application specific. The highest port number is 65535 (max 2-byte value).

Here's the manual I got the Remote Management information from:

http://www.tp-link.com/resources/document/TL-ER5120_V2_User_Guide_1910010931.pdf
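
The point made in the two replies above (exposure follows the interface a service listens on, not its port number) can be reproduced on a single Linux machine. This is an added example, not part of the original posts: the helper names are hypothetical, and 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the LAN and WAN sides, relying on Linux treating all of 127.0.0.0/8 as local.

```python
import socket

# Constructed stand-ins so the demo runs offline on one Linux host, where all
# of 127.0.0.0/8 is local: one address plays the LAN side, one the WAN side.
LAN_SIDE = "127.0.0.1"
WAN_SIDE = "127.0.0.2"


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def admin_listener(bind_addr):
    """Toy 'admin interface': a TCP listener on bind_addr, OS-chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, 0))
    srv.listen(5)
    return srv


def exposure(bind_addr):
    """Probe a listener bound to bind_addr from both sides."""
    srv = admin_listener(bind_addr)
    port = srv.getsockname()[1]
    try:
        return {"port": port,
                "lan": tcp_open(LAN_SIDE, port),
                "wan": tcp_open(WAN_SIDE, port)}
    finally:
        srv.close()


if __name__ == "__main__":
    # The port number changes between runs; the exposure follows the binding.
    for bind_addr in (LAN_SIDE, LAN_SIDE, "0.0.0.0"):
        print(bind_addr, exposure(bind_addr))
    # From a connection outside the office, the same probe can be pointed at
    # the public address (placeholder): tcp_open("<your-WAN-IP>", 8080)
```

A listener bound only to the LAN-side address is refused from the other side whatever port it lands on, while one bound to 0.0.0.0 answers on both.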

doliveira

Thanks for all your advice!
