Hardware firewall and Cpanel ?

Discussion in 'General Discussion' started by nyjimbo, Apr 22, 2006.

  1. nyjimbo

    nyjimbo Well-Known Member

    I am in the process of building a 'm0n0wall' firewall for our little computer room and was wondering if anyone has a list of the ports we need to keep OPEN so that we won't screw up anything with Cpanel and WHM. Also, if anyone has experienced any weird "gotchas" using a firewall with Cpanel/WHM/etc., I would appreciate any tips or hints.

    Thanks !

    :D
     
  2. chirpy

    chirpy Well-Known Member

  3. nyjimbo

    nyjimbo Well-Known Member

  4. dave9000

    dave9000 Well-Known Member

    Hope you have better luck with monowall than I did. Never did get it to work right.

    If you have trouble with monowall, give this solution a look:

    http://www.astaro.com

    If you run it in transparent mode only you will only have to have the 10 client license.

    We have been running the software version of astaro on a spare machine we had for 3 months now and it's been rock solid.

    It's between our main router and main switch and no lag issues at all, plus it has snort intrusion protection built in along with the firewall.
     
  5. Kerstin

    Kerstin Well-Known Member

    Existing freeware for Cpanel/WHM/ ?

    I believe the firewall is capped on an operating system. ;)
    Some software does scan the used ports and the ports are easy choosing.

    A port scanner can help identify used ports. :rolleyes:
     
  6. chirpy

    chirpy Well-Known Member

    Your post seems to bear no relation to this thread. Running a port scan provides useless information as to what ingress and egress ports need to be open in your firewall.
     
  7. Kerstin

    Kerstin Well-Known Member

    Excuse me for some comments about capabilities to validate which ports are in use.
     
  8. NightStorm

    NightStorm Well-Known Member

    This is the script that APF uses to detect which ports you are listening on...
    Code:
    #!/bin/sh
    #
    # APF 0.9.5 [apf@r-fx.org]
    ###
    # Copyright (C) 1999-2004, R-fx Networks <proj@r-fx.org>
    # Copyright (C) 2004, Ryan MacDonald <ryan@r-fx.org>
    #
    #    This program is free software; you can redistribute it and/or modify
    #    it under the terms of the GNU General Public License as published by
    #    the Free Software Foundation; either version 2 of the License, or
    #    (at your option) any later version.
    #
    #    This program is distributed in the hope that it will be useful,
    #    but WITHOUT ANY WARRANTY; without even the implied warranty of
    #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    #    GNU General Public License for more details.
    #
    #    You should have received a copy of the GNU General Public License
    #    along with this program; if not, write to the Free Software
    #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    ###
    #
    tcp_ports=""
    udp_ports=""
    # Column 4 of netstat is the local address; the port is the text after the
    # last ':' so that IPv6 rows such as ":::80" are handled as well as IPv4.
    for ptcp in `netstat -napl | grep LISTEN | grep -v 127.0.0.1 | grep tcp | awk '{print $4}' | grep : | awk -F: '{print $NF}' | sort -n`; do
    # Append each port once ('=' is the portable string test under /bin/sh)
    if [ "$tcp_ports" = "" ]; then
            tcp_ports="$ptcp"
    else
            val=`echo "$tcp_ports" | grep -w "$ptcp"`
            if [ "$val" = "" ]; then
                    tcp_ports="$tcp_ports,$ptcp"
            fi
    fi
    done
    
    # Same again for UDP sockets, which have no LISTEN state to filter on
    for pudp in `netstat -napl | grep -v 127.0.0.1 | grep udp | awk '{print $4}' | grep : | awk -F: '{print $NF}' | sort -n`; do
    if [ "$udp_ports" = "" ]; then
            udp_ports="$pudp"
    else
            val=`echo "$udp_ports" | grep -w "$pudp"`
            if [ "$val" = "" ]; then
                    udp_ports="$udp_ports,$pudp"
            fi
    fi
    done
    
    echo "  Listening TCP ports: $tcp_ports"
    echo "  Listening UDP ports: $udp_ports"
    It should be sufficient for knowing which ports have traffic coming in.
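
An added example, not part of the post above and not APF code: the same listener inventory, split into ports reachable from outside the host and ports bound to loopback only, which is the split that matters when writing inbound rules on an upstream firewall. `classify_ports` is a hypothetical helper and the netstat rows are constructed sample input; listening sockets say nothing about outbound traffic, so this yields inbound candidates only.

```shell
#!/bin/sh
# Added example. classify_ports is a hypothetical helper, not part of APF.
# usage: classify_ports tcp|udp public|loopback   (netstat -nl text on stdin)
classify_ports() {
    awk -v proto="$1" -v want="$2" '
    # keep tcp/tcp6 or udp/udp6 rows; TCP rows must be in LISTEN state
    $1 !~ ("^" proto "6?$") { next }
    proto == "tcp" && $6 != "LISTEN" { next }
    {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (port !~ /^[0-9]+$/) next
        lo = (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
        s = lo ? "loopback" : "public"
        seen[s, port] = 1
        ports[port] = 1
    }
    END {
        # a port counts as loopback only when no public listener uses it
        for (p in ports) {
            scope = (("public", p) in seen) ? "public" : "loopback"
            if (scope == want) print p
        }
    }' | sort -n | paste -sd, -
}

# Constructed sample input (documentation addresses), not captured from a server.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 :::80                   :::*                    LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
udp        0      0 192.0.2.10:53           0.0.0.0:*
udp        0      0 ::1:323                 :::*
EOF
}

echo "TCP reachable from outside: $(sample_netstat | classify_ports tcp public)"
echo "TCP loopback only:          $(sample_netstat | classify_ports tcp loopback)"
echo "UDP reachable from outside: $(sample_netstat | classify_ports udp public)"
```

On a live server, pipe `netstat -nl` into `classify_ports` in place of `sample_netstat`.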
     
  9. Kerstin

    Kerstin Well-Known Member

    Thanks for the script.

    I believe some commands should work fine too.
     