EQEmulator Forums

How to make proper startup files for Mini-Login use (https://www.eqemulator.org/forums/showthread.php?t=25898)

cubber 02-05-2009 09:53 AM

Quote:

Ports on your router that need to be opened;
3306/udp, 5999/udp, 9000/udp, 7000-7010/udp, 3306/tcp, 5999/tcp, 7000-7010/tcp
ports 7000-7010 are variable, depending on how many dynamic and static zones you start up. If you use 5 dynamic zones and 5 static, then 7000-7010, is ok, if you start more, then increase the amount accordingly.

I apologize, I did not see this part of the guide. You already did mention the port. But one thing to note is that you do not need to open any TCP ports. It is all UDP.

These are the ports I use on my firewall, and all works fine. I used to forward both tcp and udp ports until FNW told me on IRC a while back that it was a big misconception and that EQEMU only uses UDP.

Code:

UDP    Uplink ANY : 7779           =>    192.168.42.4 : 7779           EQEMU Mail
UDP    Uplink ANY : 7778           =>    192.168.42.4 : 7778           EQEMU Chat
UDP    Uplink ANY : 5999           =>    192.168.42.4 : 5999           EQ Minilogin
UDP    Uplink ANY : 9000           =>    192.168.42.4 : 9000           EQEMU
UDP    Uplink ANY : 7000 - 7010    =>    192.168.42.4 : 7000 - 7010    EQEMU

BTW: what is 3306 for? I never use that port.

Andrew80k 02-05-2009 02:02 PM

The mysql database is on port 3306.

cubber 02-05-2009 02:16 PM

You don't need to forward that; only the server uses that port. Unless your mysql server and eqemu server are located in two physically separate locations with 2 different internet connections. Or if you had a web server located somewhere on the internet and had it querying your mysql database to show information. In either case it would just have to be forwarded on the network with the MYSQL server.

But for a regular EQEMU server with the MYSQL DB server installed on the localhost or even a separate server on the same LAN you do not need to forward the MYSQL port.

Angelox 02-05-2009 03:14 PM

I do a lot of EqEmu work that's spread out over four machines in my network - My server is Linux, and only used for the EqEMu server and some other assorted email and whatever servers.
I compile and try to pre-test everything in windows and Linux, so the database is shared throughout the LAN and even to a few friends over the net.
Since many people were having so much trouble getting MiniLogin up and running, I posted a detailed explanation and example of what I know is working, because it's what I have working at my LAN - since I like to test everything I do before I preach it to someone else, I posted what I have running and am sure works.

Andrew80k 02-05-2009 03:40 PM

Quote:

Originally Posted by cubber (Post 163993)
You don't need to forward that; only the server uses that port. Unless your mysql server and eqemu server are located in two physically separate locations with 2 different internet connections. Or if you had a web server located somewhere on the internet and had it querying your mysql database to show information. In either case it would just have to be forwarded on the network with the MYSQL server.

But for a regular EQEMU server with the MYSQL DB server installed on the localhost or even a separate server on the same LAN you do not need to forward the MYSQL port.

Yes, I know. But you asked what the port was... I don't see any need for you to open it up unless you have a specific need to, like Angelox does.

Angelox 02-05-2009 08:18 PM

The port is open, but admin would still have to set up your IP/host with MySql; even if you knew username/password, you're not admitted. And only allow user admin privs on the server machine.

cubber 02-05-2009 10:22 PM

Unless you did one of these, then they could access it from any IP address:

Code:

GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;

But yes you are both correct, my point was that it is not needed for a regular home brew server, only for special cases like Angelox's. So basically if you are not sure that you need it then you probably don't. As for the other ports, try turning off all of the tcp ports and just leave the udps; I bet you will have no issues. Just a more secure firewall. You may need to leave tcp on port 9000 if you use the telnet feature; I usually only use this through vpn if I need to though, since telnet by default is insecure.
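
The wildcard-host grant quoted above, set beside a scoped alternative and a query that audits for it. This is an added example, not part of any post in the thread; the account name `eqemu`, the database name `eqemu_db`, the password placeholders and the `192.168.42.%` LAN pattern are assumptions, and the privilege list is illustrative rather than what the EQEmu server is known to require.

```sql
-- 1. Audit: accounts allowed to connect from any host.
--    '%' (or an empty Host) is what makes a forwarded 3306 reachable
--    with nothing more than the username and password.
SELECT User, Host, Grant_priv, Super_priv
FROM mysql.user
WHERE Host IN ('%', '');

-- 2. Audit: non-local accounts that can pass privileges on to others
--    (the effect of WITH GRANT OPTION).
SELECT User, Host
FROM mysql.user
WHERE Grant_priv = 'Y'
  AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Remove the wildcard account the guide-style line creates.
DROP USER 'user'@'%';

-- 4. Scoped replacement for a database on the same machine as the server.
--    Hypothetical names; adjust the privilege list to what is actually used.
CREATE USER 'eqemu'@'localhost' IDENTIFIED BY 'CHANGE_ME_local';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON eqemu_db.* TO 'eqemu'@'localhost';

-- 5. Only if a second machine on the LAN needs the database:
--    restrict the host part to the LAN range instead of '%'.
CREATE USER 'eqemu'@'192.168.42.%' IDENTIFIED BY 'CHANGE_ME_lan';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON eqemu_db.* TO 'eqemu'@'192.168.42.%';

-- 6. Verify what each account ended up with.
SHOW GRANTS FOR 'eqemu'@'localhost';
SHOW GRANTS FOR 'eqemu'@'192.168.42.%';
```

If query 1 returns no rows and 3306 is not forwarded on the router, the database is reachable only from the hosts named in the grants.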

Angelox 02-06-2009 09:31 AM

Quote:

Originally Posted by cubber (Post 164031)
Unless you did one of these, then they could access it from any IP address:

Code:

GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;

But yes you are both correct, my point was that it is not needed for a regular home brew server, only for special cases like Angelox's. So basically if you are not sure that you need it then you probably don't. As for the other ports, try turning off all of the tcp ports and just leave the udps; I bet you will have no issues. Just a more secure firewall. You may need to leave tcp on port 9000 if you use the telnet feature; I usually only use this through vpn if I need to though, since telnet by default is insecure.

That would defeat what I was pointing out; the port is secure as long as it points to the mysql database and user privs only accessible by the root/server. "GRANT ALL PRIVILEGES" is not always a good idea, and will make the database insecure.

cubber 02-06-2009 09:59 AM

Yup, that is what I was saying. Some people blindly follow guides for mysql or anything for that matter, and I have seen that line in quite a few of them. So if you are trying something but do not quite know what you are doing you may end up throwing that line in your mysql and accidentally open it up to the world without knowing about it.

I think you have a great guide here, I was just trying to help elaborate a bit so someone does not follow this guide blindly and introduce possible security holes if they don't know exactly what they are doing.


All times are GMT -4.