Request Default Port Change for E2guardian

[Dalacor]

Port 8080 has always traditionally been the port used for Proxy Servers. However, unfortunately many Lan systems (and backdoor trojans) use Port 8080 eg Ubiquiti Wireless. I would recommend that E2guardian uses ports 8081 upwards.

While it is easy enough to change the default port in E2guardian, I think it would be a good idea to review whether port 8080 is the most appropriate port to use by default.

[KDGundermann]

Port 8080 is standarized by IANA and yes, some malware writers know this port too. But they will find the port anyway e.g. looking at the http_proxy env var.
As you have said, it is easy to configure another port for e2 if you think it will increase the security.

[Dalacor]

Sorry I wasn't clear on why I was making the suggestion. It was not about security, but about avoiding issues with firewall rules when two completely different services are using the same port number.

That's why I suggested that E2guardian use port 8081 as default, so it is easy to configure firewall rules for services like Ubiquiti wireless using port 8080. The likelihood of legitimate services using port 8081 is low, but a surprising number of enterprise products use port 8080 even though they are not a proxy server.

For my Firewall and configuring Site to Site traffic, I found it easier to make E2guardian default to port 8081 to handle Internet traffic, whilst blocking two internal services we use that are using port 8080 between sites - as we don't need that traffic site to site.

My concern is that port 8080 is an over used port number by far too many enterprise products.

[philipianpearce]

I can see that there may be a case for changing the default port but what to?
You could use the default squid port 3128 which is also assigned as http proxy port by IANA, but this may conflict if squid is in use.
I don't want to change in the current version, as do not want to add to upgrading issues, but if we can agree on a generally 'better' port we can include in the template e2guardian comments as a recommendation?
Or add recommendation to use a different port based on @Dalacor suggestion?
What do you think?

[Dalacor]

I would recommend that 3128 is reserved for Squid. I don't use Squid, but a lot of people probably still use Squid as I believe this the only way to handle authentication at user level as E2guardian doesn't. So there needs to be a defined port for Squid and one for E2guardian.

I use Ports 8081-8085, however, in my user case, this conflicts with nothing! Port 8080 on my networks conflicts with two separate services and quite a number of malware uses port 8080! I can't recommend a port, because while I have nothing on my systems that use ports 8081-8085, that may not be true for others, especially if they use Mcafee! Having said that, the other ports, have far fewer applications using those ports. But still quite a few services use those ports.

https://www.speedguide.net/port.php?port=8080

Perhaps using speedguide website, if we can find 10 consecutive unused ports, they could become the default ports in a future release? I have no issues waiting (as I have fixed the issue myself). I am just thinking long term, that port 8080 might have been a good choice back in the day, but I think it would make sense to find some ports that no services are using for E2guardian 6.0?

Ubiquiti wireless for example is very widely used and that uses port 8080 for some of it's traffic.