Hardware firewall and cPanel?

nyjimbo

Well-Known Member
Jan 25, 2003
New York
I am in the process of building a 'm0n0wall' firewall for our little computer room and was wondering if anyone has a list of the ports we need to keep OPEN so that we won't screw up anything with cPanel and WHM. Also, if anyone has experienced any weird "gotchas" using a firewall with cPanel/WHM/etc., I would appreciate any tips or hints.

Thanks !

:D
 

dave9000

Well-Known Member
Apr 7, 2003
arkansas
cPanel Access Level: Root Administrator
Hope you have better luck with monowall than I did. Never did get it to work right.

If you have trouble with monowall, give this solution a look:

http://www.astaro.com

If you run it in transparent mode only, you will only need the 10-client license.

We have been running the software version of Astaro on a spare machine we had for 3 months now, and it's been rock solid.

It's between our main router and main switch with no lag issues at all, plus it has Snort intrusion protection built in along with the firewall.
 

Kerstin

Well-Known Member
Apr 9, 2005
Berlin
Existing freeware for cPanel/WHM?

I believe the firewall is capped on an operating system. ;)
Some software does scan the used ports, and the ports are easy to choose.

A port scanner can help identify used ports. :rolleyes:
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
Your post seems to bear no relation to this thread. Running a port scan provides useless information as to what ingress and egress ports need to be open in your firewall.
 

Kerstin

Well-Known Member
Apr 9, 2005
Berlin
Excuse me for some comments about capabilities to validate which ports are in use.
 

NightStorm

Well-Known Member
Jul 28, 2003
cPanel Access Level: Root Administrator
This is the script that APF uses to detect which ports you are listening on...
Code:
#!/bin/sh
#
# APF 0.9.5 [[email protected]]
###
# Copyright (C) 1999-2004, R-fx Networks <[email protected]>
# Copyright (C) 2004, Ryan MacDonald <[email protected]>
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
###
#
# Build comma-separated lists of the TCP and UDP ports that have a socket
# bound to a non-loopback address. Field 4 of "netstat -n" output is
# "address:port"; the last colon-separated field is the port, which also
# works for IPv6 addresses such as ":::80".
tcp_ports=""
udp_ports=""

# TCP: only sockets in LISTEN state, skipping the loopback address.
for ptcp in `netstat -napl 2>/dev/null | grep LISTEN | grep -v 127.0.0.1 | grep tcp | awk '{print $4}' | grep : | awk -F: '{print $NF}' | sort -n`; do
    if [ -z "$tcp_ports" ]; then
        tcp_ports="$ptcp"
    else
        # Append only if this port is not already in the list (-w matches whole numbers).
        val=`echo "$tcp_ports" | grep -w "$ptcp"`
        if [ -z "$val" ]; then
            tcp_ports="$tcp_ports,$ptcp"
        fi
    fi
done

# UDP: there is no LISTEN state, so every bound non-loopback socket counts.
for pudp in `netstat -napl 2>/dev/null | grep -v 127.0.0.1 | grep udp | awk '{print $4}' | grep : | awk -F: '{print $NF}' | sort -n`; do
    if [ -z "$udp_ports" ]; then
        udp_ports="$pudp"
    else
        val=`echo "$udp_ports" | grep -w "$pudp"`
        if [ -z "$val" ]; then
            udp_ports="$udp_ports,$pudp"
        fi
    fi
done

echo "  Listening TCP ports: $tcp_ports"
echo "  Listening UDP ports: $udp_ports"
It should be sufficient for knowing which ports have traffic coming in.
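The same idea in a more robust form, added here as an example (not APF code and not part of the post above): it parses netstat-style output, takes the port from the last colon-separated field so IPv6 local addresses work, skips loopback on both address families, and de-duplicates with a single awk pass. The netstat lines are a constructed sample, not captured from a real host.

```shell
#!/bin/sh
# Added example (not APF code): derive the set of bound, non-loopback ports
# per protocol from "netstat -nlp"-style output, as input for a firewall
# allow-list. Handles IPv4 and IPv6 local-address formats.

# Constructed sample of netstat output, roughly what a cPanel host shows.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1001/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1002/httpd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1003/mysqld
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1004/cpsrvd
tcp6       0      0 :::80                   :::*                    LISTEN      1002/httpd
tcp6       0      0 ::1:2082                :::*                    LISTEN      1004/cpsrvd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1005/named
udp        0      0 127.0.0.1:123           0.0.0.0:*                           1006/ntpd'

# listening_ports PROTO: read netstat output on stdin and print a sorted,
# comma-separated, de-duplicated list of ports bound to non-loopback
# addresses for PROTO (tcp or udp). TCP sockets must be in LISTEN state.
listening_ports() {
    proto="$1"
    awk -v proto="$proto" '
        $1 == proto || $1 == (proto "6") {
            if (proto == "tcp" && $6 != "LISTEN") next
            addr = $4
            port = addr; sub(/.*:/, "", port)          # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "::1") next
            if (port ~ /^[0-9]+$/) seen[port + 0] = 1
        }
        END {
            n = 0
            for (p in seen) ports[++n] = p + 0
            # insertion sort: portable across awk implementations (no asort)
            for (i = 2; i <= n; i++) { v = ports[i]; j = i - 1
                while (j > 0 && ports[j] > v) { ports[j + 1] = ports[j]; j-- }
                ports[j + 1] = v }
            out = ""
            for (i = 1; i <= n; i++) out = out (i > 1 ? "," : "") ports[i]
            print out
        }'
}

# Wrappers over the constructed sample so the result is easy to check.
sample_tcp_ports() { printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports tcp; }
sample_udp_ports() { printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports udp; }
```

On a live host, feed `netstat -nlp` (or equivalent) into `listening_ports tcp` instead of the sample; the loopback-only MySQL and cpsrvd sockets are correctly left out of the list.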
 

Kerstin

Well-Known Member
Apr 9, 2005
Berlin
Thanks for the script.

I believe some commands should work fine too.