
Hardware firewall and Cpanel ?

Discussion in 'General Discussion' started by nyjimbo, Apr 22, 2006.

  1. nyjimbo

    nyjimbo Well-Known Member

    I am in the process of building a 'm0n0wall' firewall for our little computer room and was wondering if anyone has a list of the ports we need to keep OPEN so that we won't screw up anything with cPanel and WHM. Also, if anyone has experienced any weird "gotchas" using a firewall with cPanel/WHM/etc., I would appreciate any tips or hints.

    Thanks !

    :D
     
  2. chirpy

    chirpy Well-Known Member

  3. nyjimbo

    nyjimbo Well-Known Member

  4. dave9000

    dave9000 Well-Known Member

    Hope you have better luck with monowall than I did. Never did get it to work right.

    If you have trouble with monowall, give this solution a look:

    http://www.astaro.com

    If you run it in transparent mode only, you will only have to have the 10 client license.

    We have been running the software version of Astaro on a spare machine we had for 3 months now and it's been rock solid.

    It's between our main router and main switch and there are no lag issues at all, plus it has Snort intrusion protection built in along with the firewall.
     
  5. Kerstin

    Kerstin Well-Known Member

    Existing freeware for Cpanel/WHM/ ?

    I believe the firewall is capped on an operating system. ;)
    Some software does scan the used ports, and the ports are easy to choose.

    A port scanner can help identify used ports. :rolleyes:
     
  6. chirpy

    chirpy Well-Known Member

    Your post seems to bear no relation to this thread. Running a port scan provides useless information as to what ingress and egress ports need to be open in your firewall.
     
  7. Kerstin

    Kerstin Well-Known Member

    Excuse me for some comments about capabilities to validate which ports are in use.
     
  8. NightStorm

    NightStorm Well-Known Member

    This is the script that APF uses to detect which ports you are listening on...
    Code:
    #!/bin/sh
    #
    # APF 0.9.5 [apf@r-fx.org]
    ###
    # Copyright (C) 1999-2004, R-fx Networks <proj@r-fx.org>
    # Copyright (C) 2004, Ryan MacDonald <ryan@r-fx.org>
    #
    #    This program is free software; you can redistribute it and/or modify
    #    it under the terms of the GNU General Public License as published by
    #    the Free Software Foundation; either version 2 of the License, or
    #    (at your option) any later version.
    #
    #    This program is distributed in the hope that it will be useful,
    #    but WITHOUT ANY WARRANTY; without even the implied warranty of
    #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    #    GNU General Public License for more details.
    #
    #    You should have received a copy of the GNU General Public License
    #    along with this program; if not, write to the Free Software
    #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    ###
    #
    tcp_ports=""
    udp_ports=""
    # Collect non-loopback TCP listeners as a de-duplicated, comma-separated list
    for ptcp in `netstat -napl | grep LISTEN | grep -v 127.0.0.1 | grep tcp | awk '{print$4}' | grep : | tr ':' ' ' | awk '{print$2}' | sort -n`; do
    if [ "$tcp_ports" = "" ]; then
            tcp_ports="$ptcp"
    else
            # Append the port only if it is not already in the list
            val=`echo "$tcp_ports" | grep -w "$ptcp"`
            if [ "$val" = "" ]; then
                    tcp_ports="$tcp_ports,$ptcp"
            fi
    fi
    done
    
    # Same for UDP sockets (UDP has no LISTEN state, so every bound socket counts)
    for pudp in `netstat -napl | grep -v 127.0.0.1 | grep udp | awk '{print$4}' | grep : | tr ':' ' ' | awk '{print$2}' | sort -n`; do
    if [ "$udp_ports" = "" ]; then
            udp_ports="$pudp"
    else
            val=`echo "$udp_ports" | grep -w "$pudp"`
            if [ "$val" = "" ]; then
                    udp_ports="$udp_ports,$pudp"
            fi
    fi
    done
    
    echo "  Listening TCP ports: $tcp_ports"
    echo "  Listening UDP ports: $udp_ports"
    It should be sufficient for knowing which ports have traffic coming in.
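
A variant of the listener check in the post above, as an added example that is not part of the original post and is not APF code: it also picks up IPv6 wildcard listeners and skips `::1` as well as `127.0.0.1`. The function names and the netstat sample are constructed for illustration; the result lists ingress candidates only and says nothing about which egress ports the server needs.

```shell
#!/bin/sh
# listening_ports PROTO: read `netstat -n` style text on stdin and print the
# non-loopback local ports for PROTO (tcp or udp) as a comma-separated list.
listening_ports() {
    proto="$1"
    awk -v proto="$proto" '
        # Column 1 is tcp/tcp6/udp/udp6, column 4 the local address,
        # column 6 the state (TCP only).
        $1 !~ ("^" proto "6?$") { next }
        proto == "tcp" && $6 != "LISTEN" { next }
        {
            addr = $4
            port = addr
            sub(/.*:/, "", port)          # keep what follows the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Loopback-only services need no rule on the perimeter firewall
            if (host ~ /^127\./ || host == "::1") next
            if (port ~ /^[0-9]+$/) print port
        }' | sort -n -u | paste -s -d, -
}

# Constructed sample of `netstat -an` output (addresses from documentation ranges)
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:53         0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:4321       198.51.100.7:80         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN
udp        0      0 203.0.113.10:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp6       0      0 :::123                  :::*
EOF
}

echo "Listening TCP ports: $(sample_netstat | listening_ports tcp)"
echo "Listening UDP ports: $(sample_netstat | listening_ports udp)"
```

On a live host, pipe `netstat -an` into `listening_ports tcp` or `listening_ports udp` instead of the sample.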
     
  9. Kerstin

    Kerstin Well-Known Member

    Thanks for the script.

    I believe some commands should work fine too.
     