Webmin is a web-based interface for system administration for Unix and Linux based systems. Using a web browser, you can set up user accounts, web services, DNS, file sharing and much more. In a nutshell, Webmin removes the need to manually edit configuration files and lets you manage a system from the console or remotely.

Tweak #1 - Change Webmin port

By default, Webmin operates on port 10000. Therefore, it is highly recommended that you change the Webmin port and make it listen on something other than port 10000. You can choose any available random port between 105. If you don't know which ports are available on your system, you can find out which ports are already in use using the following command:

    netstat -tulpn

Once you have decided on which port number you wish to use, either use a terminal session or the Webmin web interface to change the default port to your desired value. In this example we are changing the default port from 10000 to 11000.

Change port using terminal

Log in to your Webmin server, and switch user to root.
Stopping Webmin server in /usr/share/webmin
Using your favourite text editor, edit the Webmin server configuration file (/etc/webmin/nf).
Find the line port=10000, and change the value 10000 to your new port number. In our example we are using port 11000:
From:
Save your changes, and exit your text editor.
Starting Webmin server in /usr/share/webmin
You can now access Webmin using your newly assigned web port via your favourite web browser.

Using your favourite web browser, log in to your Webmin panel.
Expand Webmin and select Webmin Configuration.
Change Listen on port and change the port number.

Tweak #2 - Disable Webmin SSL if using Apache

By default Webmin enables SSL and uses its own SSL certificates. However, if you are running Webmin via the Apache web server, then Webmin security can be enhanced by using Apache's built-in SSL module.

Find the line ssl=1, and change the value 1 to 0
From:

That is a valid point, and I didn’t mean to imply there would be a conflict, as they technically won’t conflict (webmin - tcp 10000, rtp - udp 10000), and I should have been more clear why I recommended switching it.

Here is my opinion (and it is solely that… just an opinion, but its main purpose is to make troubleshooting easier)

Many people don’t normally setup iptables correctly defining tcp vs udp (heck, many admins don’t fully understand the difference), so by having them on different ports, it makes it very clear in iptables rules, and easier to setup/manage.

As you already mentioned, some routers (especially behind simple NAT routers) don’t distinguish, or distinguish well, tcp vs udp, so to help eliminate hard to diagnose random rtp issues in these scenarios, it’s so easy to change the webmin port, why not! (I’d rather have someone just change webmin ports - easy to explain - than have to troubleshoot with packet sniffing software to find a dumb router was in the mix messing it up later on)

If you are confident your network/routers will not be an issue, and are very familiar with iptables rules (assuming you are running a firewall on the same machine) then there is no reason to change webmin’s port number…

Example IPtables rules related to this.

    # Allow connections to our SIP-RTP server - change --dport appropriately
    -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
    # Allow connections to our Webmin server ONLY from a specified SOURCE IP address
    # webmin can be accessed by “root” by default, so lock it down, or you potentially can be brute force attacked
    -A INPUT -p tcp -m tcp -s .address --dport 9001 -j ACCEPT

Restricting access can also be done from within webmin itself… Webmin->Webmin Configuration->IP Access Control, but it is always better to use the firewall whenever possible, but any restriction is better than no restriction

Also, in webmin, I recommend doing the following.
–In Webmin->Webmin configuration, SSL Encryption… enable it.
–In Webmin->Webmin configuration->Upgrade Webmin – you should NOT forget to update it regularly (especially if your webmin is publicly available).

Oh, and one more small note… regardless of what port you run webmin on, be sure nothing else is running on that port before changing it, should you decide to change it… i.e… don’t setup webmin to run on port 80, as apache (Freepbx) is running on port 80… This can easily be done from within webmin itself in the webmin configuration, and only takes a few moments.

Hopefully this helps clarify this a bit more.
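
The source-restricted Webmin rule in the reply above can be turned into a repeatable check. The following is an added example, not part of the original post: it reads rules in iptables-save format and prints every INPUT rule that accepts TCP traffic to the audited port from any source. The function names, the sample rulesets and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list INPUT rules that ACCEPT
# TCP traffic to a port without a source restriction (iptables-save format).
# Only rules with an explicit --dport are examined.

unrestricted_accepts() {
    # $1 = rules file, $2 = TCP port to audit (9001 in the reply's example)
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "tcp" || target != "ACCEPT" || dport == "") next
            # --dport holds one port or a lo:hi range
            n = split(dport, r, ":")
            lo = r[1] + 0
            hi = (n == 2) ? r[2] + 0 : lo
            if (port + 0 < lo || port + 0 > hi) next
            # no -s, or a match-everything source: any host may connect
            if (src == "" || src == "0.0.0.0/0") print
        }
    ' "$1"
}

# Constructed sample rulesets; 192.0.2.10 is a documentation address.
write_samples() {
    cat > "$1/open.rules" <<'EOF'
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -j ACCEPT
EOF
    cat > "$1/locked.rules" <<'EOF'
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 9001 -j ACCEPT
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "open.rules:";   unrestricted_accepts "$tmp/open.rules" 9001
echo "locked.rules:"; unrestricted_accepts "$tmp/locked.rules" 9001
rm -rf "$tmp"
```

Auditing TCP port 10000 against the same samples returns nothing, because the 10000:20000 range is a UDP rule, which is the tcp vs udp distinction the reply describes.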