|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Support::MiniLogin Support forum for problems with the official MiniLogin release. |
|
|
|
02-05-2009, 09:53 AM
|
Discordant
|
|
Join Date: Apr 2006
Posts: 374
|
|
Quote:
Ports on your router that need to be opened;
3306/udp, 5999/udp, 9000/udp, 7000-7010/udp, 3306/tcp, 5999/tcp, 7000-7010/tcp
ports 7000-7010 are variable, pending on how many dynamic and static zones you start up. If you use 5 dynamic zones and 5 static, then 7000-7010, is ok, if you start more, then increase the amount accordingly.
|
I appologize, I did not see this part of the guide. You already did mention the port. But one thing to note is that you do not need to open any TCP ports. It is all UDP.
These are the ports I use on my firewall, and all works fine. I used to forward both tcp and udp ports until FNW told me on IRC a while back that it was a big misconception and that EQEMU only uses UDP.
Code:
UDP Uplink ANY : 7779 => 192.168.42.4 : 7779 EQEMU Mail
UDP Uplink ANY : 7778 => 192.168.42.4 : 7778 EQEMU Chat
UDP Uplink ANY : 5999 => 192.168.42.4 : 5999 EQ Minilogin
UDP Uplink ANY : 9000 => 192.168.42.4 : 9000 EQEMU
UDP Uplink ANY :
7000 - 7010 => 192.168.42.4 : 7000 - 7010 EQEMU
BTW: what is 3306 for? I never use that port.
|
|
|
|
02-05-2009, 02:02 PM
|
Dragon
|
|
Join Date: Feb 2007
Posts: 659
|
|
The mysql database is on port 3306.
|
02-05-2009, 02:16 PM
|
Discordant
|
|
Join Date: Apr 2006
Posts: 374
|
|
You don't need to forward that only the server uses that port. Unless your mysql server and eqemu server are located in two physically separate locations with 2 different internet connections. Or if you had a web server located somewhere on the internet and had it querying your mysql database to show information. In either case it would just have to be forwarded on the network with the MYSQL server.
But for a regular EQEMU server with the MYSQL DB server istalled on the localhost or even a separate server on the same LAN you do not need to forward the MYSQL port.
|
02-05-2009, 03:14 PM
|
AX Classic Developer
|
|
Join Date: May 2006
Location: filler
Posts: 2,049
|
|
I do a lot of EqEmu work that's spread out over four machines in my network - My server is Linux, and only used for the EqEMu server and some other assorted email and whatever servers.
I compile and try to pre-test everything in windows and Linux, so the database is shared through out the LAN and even to a few friends over the net.
Since many people were having so much trouble getting MiniLogin up and running. I posted a detailed explanation and example of what I know is working, because it's what I have working at my LAN - since I like to test everything I do before I preach it to some one else, I posted what I have running and am sure works.
|
02-05-2009, 03:40 PM
|
Dragon
|
|
Join Date: Feb 2007
Posts: 659
|
|
Quote:
Originally Posted by cubber
You don't need to forward that only the server uses that port. Unless your mysql server and eqemu server are located in two physically separate locations with 2 different internet connections. Or if you had a web server located somewhere on the internet and had it querying your mysql database to show information. In either case it would just have to be forwarded on the network with the MYSQL server.
But for a regular EQEMU server with the MYSQL DB server istalled on the localhost or even a separate server on the same LAN you do not need to forward the MYSQL port.
|
yes, I know. But you asked what the port was... I don't see any need for you to open it up unless you have a specific need to like Angelox does.
|
02-05-2009, 08:18 PM
|
AX Classic Developer
|
|
Join Date: May 2006
Location: filler
Posts: 2,049
|
|
The port is open, but admin would still have to set up your IP/host with MySql, even if you knew username/password you're not admitted. And only allow user admin privs on the server machine.
|
02-05-2009, 10:22 PM
|
Discordant
|
|
Join Date: Apr 2006
Posts: 374
|
|
unless you did one of these then they could access it from any ip address:
Code:
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
But yes you are both correct, my point was that it is not needed for a regular home brew server, only for special cases like Angelox's. So basically if you are not sure that you need it then you probably don't. As for the other ports try turning off all of the tcp ports and just leave the udps I bet you will have no issues. Just a more secure firewall. You may need to leave tcp on port 9000 if you use the telnet feature, I usually only use this through vpn if I need to though, since telnet by default is unsecure.
|
|
|
|
02-06-2009, 09:31 AM
|
AX Classic Developer
|
|
Join Date: May 2006
Location: filler
Posts: 2,049
|
|
Quote:
Originally Posted by cubber
unless you did one of these then they could access it from any ip address:
Code:
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
But yes you are both correct, my point was that it is not needed for a regular home brew server, only for special cases like Angelox's. So basically if you are not sure that you need it then you probably don't. As for the other ports try turning off all of the tcp ports and just leave the udps I bet you will have no issues. Just a more secure firewall. You may need to leave tcp on port 9000 if you use the telnet feature, I usually only use this through vpn if I need to though, since telnet by default is unsecure.
|
That would defeat what I was pointing out; the port is secure as long as it points to the mysql database and user privs only accessible by the root/server. "GRANT ALL PRIVILEGES" is not always a good idea, and will make the database insecure.
|
|
|
|
02-06-2009, 09:59 AM
|
Discordant
|
|
Join Date: Apr 2006
Posts: 374
|
|
Yup, that is what I was saying. Some people blindly follow guides for mysql or anything for that matter, and I have seen that line in quite a few of them. So if you are trying something but do not quite know what you are doing you may end up throwing that line in your mysql and accidentally open it up to the world without knowing about it.
I think you have a great guide here, I was just trying to help elaborate a bit so someone does not follow this guide blindy and introduce possible security holes if they don't know exactly what they are doing.
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -4. The time now is 09:49 PM.
|
|
|
|
|
|
|
|
|
|
|
|
|