The Community Forums

Interact with an entire community of cPanel & WHM users!

Opening port 2224 - FirewallD is not running

Discussion in 'Security' started by psytanium, May 29, 2019.

  1. psytanium

    psytanium Well-Known Member

    Joined:
    Jun 6, 2014
    Messages:
    165
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Lebanon
    cPanel Access Level:
    Root Administrator
    Hello,

    I have to open port 2224, according to Godaddy using this documentation.
    But when I open Terminal and insert the command

    Code:
    sudo firewall-cmd --permanent --zone=public --add-port=2224/tcp
    An error is displayed in red saying: FirewallD is not running

    What does it mean ? How can I open this port ?

    Thanks :)
     
    #1 psytanium, May 29, 2019
    Last edited: May 29, 2019
  2. psytanium

    Fixed. using

    1. sudo firewall-cmd --state
    2. systemctl unmask firewalld
    3. systemctl enable firewalld
    4. systemctl start firewalld
    Port opened.
    Now what is recommended? I disable FirewallD? I have Firewall TableIP installed.

    Thanks
     
  3. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,485
    Likes Received:
    187
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Do you have another firewall interface installed like CSF? If so you should turn off and disable firewalld and use the CSF configuration files instead.
     
  4. psytanium

    Yes I have CSF installed, now it is disabled and FirewallD enabled.
    I'm thinking of uninstalling CSF and keeping FirewallD enabled. I tried those commands:

    But when I run sh uninstall.sh, nothing happens. Why can't I remove CSF?
     
  5. GOT

    Personally, I would suggest the opposite: keep CSF and ditch firewalld. CSF makes managing the firewall super easy, it's very extensible and does a lot more than you could do with firewalld manually.
     
    cPanelLauren and psytanium like this.
  6. psytanium

    I disabled FirewallD and enabled CSF and added the port 2224 as allowed (incoming and outgoing), but Godaddy showed me again the same error regarding port 2224 closed. So I enabled FirewallD again.

    But how can I uninstall CSF ?
     
  7. GOT

    Did you restart csf after editing the conf?

    /etc/csf/uninstall.sh
     
  8. psytanium

    I didn't edit the config, but added the port number in CSF configuration:

    Allow incoming TCP ports
    Allow outgoing TCP ports
     
  9. GOT

    Yes but when you do that you have to reload the firewall
     
  10. psytanium

    I think I did what you are saying. When I add the ports and click Change, the page loads and displays a message saying: Changes saved. You should restart both csf and lfd.

    With a button "Restart CSF + LFD". I clicked on it.

    Do you know an SSH command to display the opened ports?
     
  11. GOT

    iptables --list --numeric |grep 2224

    should show something like

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224
     
  12. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    508
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I agree with the suggestion to use CSF instead of firewalld especially for the UI it offers for configuration.

    You might also check to ensure that CSF/LFD is out of testing mode, none of the changes you make to it when in testing mode are put into effect.
     
  13. psytanium

    Me too, I prefer it because of the UI. Now I turned it on and disabled FirewallD, and testing mode is off in both.

    The error returned to Godaddy dashboard.

    How can I make sure the port is open ? I tried to run the command

    it returned bash: ACCEPT: command not found

    Thanks
     
  14. cPanelLauren

    If you're using CSF, though, I wouldn't be making manual changes to iptables, which is what it looks like you were attempting to do. In the configuration for CSF for TCP Inbound and Outbound you need to add the SSH port you're trying to open. If you're trying to change the SSH port, you also need to add it in the sshd_config at /etc/ssh/sshd_config.
     
  15. psytanium

    I added the port number in Firewall configuration :
    • TCP_IN
    • TCP_OUT
    • UDP_IN
    • UDP_OUT
    Saved and restarted both CSF and LFD, I opened the file /etc/ssh/sshd_config using nano. How and where can I add the port number ?

    Thanks.
     
  16. cPanelLauren

    Hi @psytanium

    There's a line in the config file that is commented out like so:

    Code:
    #Port 22
    You'd just remove the comment and add the port you want there and save
     
  17. psytanium

    I changed #port 22 to port 2224 in sshd_config, disabled FirewallD, enabled CSF, restarted CSF, LFD and the server.
    Logged in to Godaddy dashboard, again red alert, Danger, the port 2224 is closed.

    What other possibilities can we try ?

    Thanks for the help.
     
  18. cPanelLauren

    Did you also restart sshd? Is there somewhere in the provider's dashboard where you can manage ports as well?
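
Added example (not part of the thread and not any poster's code): a shell checklist for the causes raised in posts 11 to 18, namely CSF testing mode, the port in TCP_IN, an active Port line in sshd_config, sshd actually listening, and a loaded ACCEPT rule. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each check reads text on stdin, so it
# also works on live data, e.g.  ss -tln | is_listening 2224

# csf_allows PORT KEY < csf.conf: KEY (e.g. TCP_IN) lists PORT or a range a:b covering it.
csf_allows() {
    awk -v port="$1" -v key="$2" -F'"' '
        $1 ~ ("^[ \t]*" key "[ \t]*=") {
            n = split($2, item, ",")
            for (i = 1; i <= n; i++) {
                m = split(item[i], r, ":")
                if (m == 1 && r[1] + 0 == port + 0) ok = 1
                if (m == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) ok = 1
            }
        }
        END { exit(ok ? 0 : 1) }'
}
# csf_testing < csf.conf: succeeds while TESTING = "1" (the check from post 12).
csf_testing() { grep -Eq '^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"1"'; }
# sshd_ports < sshd_config: active Port values. "#Port 22" is a comment, so
# with no active line sshd keeps its default of 22. Keywords are case-insensitive.
sshd_ports() { awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'; }
# is_listening PORT < `ss -tln` output: some LISTEN socket is bound to PORT.
is_listening() {
    awk -v port="$1" '$1 == "LISTEN" && $4 ~ (":" port "$") { ok = 1 } END { exit(ok ? 0 : 1) }'
}
# iptables_accepts PORT < `iptables --list --numeric` output: exact dpt match,
# unlike `grep 2224`, which also hits dpt:22240 or an address containing 2224.
iptables_accepts() {
    awk -v port="$1" '$1 == "ACCEPT" { for (i = 2; i <= NF; i++) if ($i == "dpt:" port) ok = 1 }
        END { exit(ok ? 0 : 1) }'
}
# diagnose PORT CSF_CONF SSHD_CONFIG SS_OUTPUT IPTABLES_OUTPUT (texts): first failing check.
diagnose() {
    printf '%s\n' "$2" | csf_testing && { echo "csf is in testing mode"; return; }
    printf '%s\n' "$2" | csf_allows "$1" TCP_IN || { echo "port $1 missing from TCP_IN"; return; }
    printf '%s\n' "$3" | sshd_ports | grep -qx "$1" || { echo "no active Port $1 in sshd_config"; return; }
    printf '%s\n' "$4" | is_listening "$1" || { echo "nothing listens on $1 (sshd restarted?)"; return; }
    printf '%s\n' "$5" | iptables_accepts "$1" || { echo "no ACCEPT rule for dpt:$1 loaded"; return; }
    echo "port $1 is open on this host; check the provider-side firewall next"
}
# Constructed samples: configs already edited, but sshd still listening on 22.
CSF_SAMPLE='TESTING = "0"
TCP_IN = "20,21,22,80,443,2224,30000:35000"'
SSHD_SAMPLE='#AddressFamily any
port 2224'
SS_SAMPLE='LISTEN 0 128 *:22 *:*'
IPT_SAMPLE='ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224'
diagnose 2224 "$CSF_SAMPLE" "$SSHD_SAMPLE" "$SS_SAMPLE" "$IPT_SAMPLE"
```

On a live server, pass the real texts instead of the samples: the contents of /etc/csf/csf.conf and /etc/ssh/sshd_config, plus the output of `ss -tln` and `iptables --list --numeric`.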
     
  19. psytanium

    Can you help me uninstall CSF ?
     
  20. cPanelLauren
