
iptables interfering with cpanel

Discussion in 'General Discussion' started by DreamPhysix, Mar 8, 2011.

  1. DreamPhysix

    DreamPhysix Well-Known Member

    When iptables is running, I can't connect to my server on the cPanel ports; however, when I disable iptables, I can. I know that I should keep iptables installed and running, but how can I allow everything cPanel uses through it? Thanks!
     
  2. ChrisRHS

    ChrisRHS Well-Known Member

    Hello there,

    Your best bet is to use a firewall application that works with cPanel. I would suggest you look at CSF (Config Server Firewall), as it has a nice interface right through WHM for it.

    Alternatively, you can edit your default configuration and allow the needed ports to be opened.

    Chris
     
  3. cPanelJackson

    cPanelJackson Product Owner - cPanel Security Team
    Staff Member

  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    If you are using iptables only as your firewall and you do have that default RH-Firewall-1-INPUT chain, which you can see if you run this command:

    Code:
    /sbin/iptables -n -L|grep RH-Firewall-1-INPUT

    Then the following rules will add the cPanel ports for cPanel, WHM and Webmail, although there may be additional ports needing to be opened, as mentioned in the previously provided link by Nick Jackson:

    Code:
    /sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
    /sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
    /sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT

    Of note, if you only wish the secure ports to be opened for each of those services (cPanel, WHM and Webmail), then only use 2083, 2087 and 2096 for each command indicated.

    Upon adding any rules to the firewall, please be sure to save the configuration or the entries will be wiped whenever the machine gets rebooted:

    Code:
    service iptables save

    If you are blocked from cPanel access in iptables and it isn't due to having the RH-Firewall-1-INPUT chain, you might try adding the rules at the top of the INPUT chain itself, which will occur before any later incoming chains:

    Code:
    /sbin/iptables -I INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT

    Some suggestions by other sites might be to use -A rather than -I, but -I will put the rule at the top of the chain. If there are later rules blocking access, then having the rules after the blocks will still not allow access to the ports, since any accept rules must precede deny rules in order for the port to be opened.
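
Added example, not part of the original thread: a small shell check that walks a chain in rule order and reports the verdict of the first rule a new TCP connection to a given port would hit, which shows why an ACCEPT appended with -A after a REJECT has no effect. The function name `first_verdict` and both rulesets are constructed for illustration; rules with extra matches (interface, state, source) are skipped as a simplification.

```shell
#!/bin/sh
# first_verdict CHAIN PORT  (reads `iptables -S` style lines on stdin)
# Prints the target of the first rule in CHAIN that applies to TCP port PORT.
# A printed chain name means the packet jumps there; check that chain next.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
    $1 == "-A" && $2 == chain {
        dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") { dport = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p" || $i == "-m") {
                if ($(i + 1) != "tcp") other = 1
                i++
            }
            else other = 1
        }
        if (other) next              # simplification: skip rules with extra matches
        if (dport != "") {
            n = split(dport, r, ":") # single port or LOW:HIGH range
            lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        print target; found = 1; exit
    }
    END { if (!found) print "NO-MATCH" }'
}

# Constructed ruleset: the WHM rule was appended with -A, so it lands after the REJECT.
appended='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT'

# Constructed ruleset: the same rule added with -I, so it sits at the top of the chain.
inserted='-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$appended" | first_verdict RH-Firewall-1-INPUT 2087
printf '%s\n' "$inserted" | first_verdict RH-Firewall-1-INPUT 2087
```

On a live server the same function can be fed the `-A` lines printed by `iptables-save`.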
     