when iptables is running, i can't connect to my server on the cpanel ports, however when i disable iptables, i can. i know that i should keep iptables installed and running, but how can i allow everything cpanel uses through it? thanks!
Hello there,
Your best bet is to use a firewall application that you works with cPanel. I would suggest you look at CSF (Config Server Firewall), as it has a nice interface right through WHM for it.
Alternatively, you can edit your default configuration and allow the needed ports to be opened.
Chris
Your best bet is to use a firewall application that you works with cPanel. I would suggest you look at CSF (Config Server Firewall), as it has a nice interface right through WHM for it.
Alternatively, you can edit your default configuration and allow the needed ports to be opened.
Chris
On a default CentOS install, the RH-Firewall-1-INPUT chain will prevent access to WHM. You would either need to remove this chain, or add specific iptables rules to allow access to the correct ports.
Getting the most out of your system's firewall. - cPanel Inc.
HowTos/Network/IPTables - CentOS Wiki
Getting the most out of your system's firewall. - cPanel Inc.
HowTos/Network/IPTables - CentOS Wiki
If you are using iptables only as your firewall and you do have that default RH-Firewall-1-INPUT chain, which you can see if you run this command:
Then the following rules will add the cPanel ports for cPanel, WHM and Webmail, although there may be additional ports needing opened as mentioned in the previously provided link by Nick Jackson:
Of note, if you only wish the secure ports to be opened for each of those services (cPanel, WHM and Webmail), then only use 2083, 2087 and 2096 for each command indicated.
Upon adding any rules to the firewall, please ensure to save the configuration or the entries will be wiped whenever the machine gets rebooted:
If you are blocked from cPanel access in iptables and it isn't due to having the RH-Firewall-1-INPUT chain, you might try adding the rules at the top of the INPUT chain itself, which will occur before any later incoming chains:
Some suggestions by other sites might be to use -A rather than -I, but -I will put the rule at the top of the chain. If there are later rules blocking access, then having the rules after the blocks will still not allow access to the ports, since any accept rules must proceed deny rules in order for the port to be opened.
Code:
/sbin/iptables -n -L|grep RH-Firewall-1-INPUT
Code:
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPTUpon adding any rules to the firewall, please ensure to save the configuration or the entries will be wiped whenever the machine gets rebooted:
Code:
service iptables save
Code:
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| K | Host Access Control, rules dont load - nftables removed, iptables installed | Security | 3 | |
| J | SOLVED iptables -L odd chain allow including Amazon ec2 | Security | 4 | |
| G | Fun with iptables | Security | 2 | |
| M | Import blocked IPs from iptables to csf? | Security | 3 | |
| A | about iptables adn firewalld | Security | 8 |