Open the port for the second IP

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,

1. How did you add the IP address?
2. CSF doesn't natively open/close ports per IP address - so my assumption here is that there's a rule specific to the original IP address added in iptables. You might run something like the following to see this:
Code:
iptables -L -n |grep 443
 

mismari

Member
Apr 16, 2019
18
0
1
Iran
cPanel Access Level
Root Administrator
I've added a new IP through the Add a New IP Address on whm that ports on the new IP are 2087 and 2082 but port 443 is closed which I couldn't open for the new IP
How do I open port 443 on the new IP?
I also have access to ssh
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
The last IP address noted in that list is it the primary IP of the server? You may want to remove that IP address from iptables

To identify if the issue is in fact iptables you can do something like the following:

  1. Temporarily disable CSF
    Code:
    csf -x
  2. Temporarily flush the iptables rules:
    Code:
    iptables --flush
  3. Check if you're able to reach the new IP over 443 - from outside the server you can run something like the following:
    Code:
    sudo nmap -sU -sT <NEWIPADDRESS> -p 443
  4. Restart iptables to bring its rules back:
    Code:
    systemctl restart iptables.service
  5. Re-enable CSF
    Code:
    csf -e
If the IP remains unresponsive to that port after you've disabled the firewall on the server and flushed the rules present, you can pretty safely rule out something on the server as being the culprit and lean towards there being a routing issue or external/hardware firewall issue.
 

mismari

Member
Apr 16, 2019
18
0
1
Iran
cPanel Access Level
Root Administrator
See
We already had an IP server on the server, which is assumed to be 1.1.1.1, and port 443 is open

We have just added another new IP to the server via whm which is supposed to be IP 2.2.2.2. But the problem is that port 443 is not open on this IP.

How can we fix this problem and open port 443 for the new IP?

In previous posts, the ones you mentioned didn't seem to be about opening a port on an IP

Thanks
 

mismari

Member
Apr 16, 2019
18
0
1
Iran
cPanel Access Level
Root Administrator
Even in the csf firewall I have defined the following roll that port 443 will still not open (of course no port is open) of course there is something wrong with my work but I do not know where!
tcp: in: d = XXXX: d = aa.bb.cc.dd
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,

The entirety of this thread I've been attempting to assist you with identifying why port 443 is "closed" for that IP address. Unfortunately, there is absolutely no way for me to know your configuration without access to the server. The steps I suggested you take to rule out the firewall as part of this issue do not appear to have been taken.

Again, I suggest you perform the following steps to rule out the firewall as the issue:

The last IP address noted in that list is it the primary IP of the server? You may want to remove that IP address from iptables

To identify if the issue is in fact iptables you can do something like the following:

  1. Temporarily disable CSF
    Code:
    csf -x
  2. Temporarily flush the iptables rules:
    Code:
    iptables --flush
  3. Check if you're able to reach the new IP over 443 - from outside the server you can run something like the following:
    Code:
    sudo nmap -sU -sT <NEWIPADDRESS> -p 443
  4. Restart iptables to bring its rules back:
    Code:
    systemctl restart iptables.service
  5. Re-enable CSF
    Code:
    csf -e
If the IP remains unresponsive to that port after you've disabled the firewall on the server and flushed the rules present, you can pretty safely rule out something on the server as being the culprit and lean towards there being a routing issue or external/hardware firewall issue.
If you are unable to reach the new IP over 443 while the firewall is disabled the issue is NOT on this server and you'll need to either look at any hardware devices you may have attached or the routing of the IP address itself.

If any of this is unclear, or if you're unsure how to perform the suggested actions, I strongly urge you to contact your provider. If you're provider is unable to assist you I would advise you to enlist the assistance of a qualified system administrator. If you don't have one you might find one here: System Administration Services

Thank you.