Opening port 2224 - FirewallD is not running

psytanium

Well-Known Member
Jun 6, 2014
275
13
68
Lebanon
cPanel Access Level
Root Administrator
Hello,

I have to open port 2224, according to Godaddy using this documentation.
But when I open Terminal and insert the command

Code:
sudo firewall-cmd --permanent --zone=public --add-port=2224/tcp
An error is displayed in red saying: FirewallD is not running

What does it mean ? How can I open this port ?

Thanks :)
 

psytanium

Fixed. using

  1. sudo firewall-cmd --state
  2. systemctl unmask firewalld
  3. systemctl enable firewalld
  4. systemctl start firewalld
Port opened.
Now what is recommended ? I disable FirewallD ? I have Firewall TableIP installed.

Thanks
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,753
311
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
Do you have another firewall interface installed like CSF? If so you should turn off and disable firewalld and use the CSF configuration files instead.
 

psytanium

Yes I have CSF installed, now it is disabled and FirewallD enabled.
I'm thinking of uninstalling CSF and keeping FirewallD enabled. I tried those commands:

cd /etc/csf

sh uninstall.sh
But when I run sh uninstall.sh, nothing happens. Why can't I remove CSF ?
 

GOT

Personally, I would suggest the opposite: keep CSF and ditch firewalld. CSF makes managing the firewall super easy, it's very extensible and does a lot more than you could do with firewalld manually.
 

psytanium

I disabled FirewallD and enabled CSF and added the port 2224 as allowed (incoming and outgoing), but Godaddy showed me again the same error regarding port 2224 closed. So I enabled FirewallD again.

But how can I uninstall CSF ?
 

psytanium

Yes but when you do that you have to reload the firewall
I think I did what you are saying. When I add the ports and click Change, the page loads and displays a message saying: Changes saved. You should restart both csf and lfd.

With a button "Restart CSF + LFD". I clicked on it.

Do you know an SSH command to display the opened ports ?
 

GOT

iptables --list --numeric |grep 2224

should show something like

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
I agree with the suggestion to use CSF instead of firewalld especially for the UI it offers for configuration.

You might also check to ensure that CSF/LFD is out of testing mode, none of the changes you make to it when in testing mode are put into effect.
 

psytanium

> I agree with the suggestion to use CSF instead of firewalld especially for the UI it offers for configuration.
>
> You might also check to ensure that CSF/LFD is out of testing mode, none of the changes you make to it when in testing mode are put into effect.
Me too, I prefer it because of the UI. Now I turned it On, and disabled FirewallD, and testing mode is Off in both.

The error returned to Godaddy dashboard.

How can I make sure the port is open ? I tried to run the command

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224
it returned bash: ACCEPT: command not found

Thanks
 

cPanelLauren

If you're using CSF though I wouldn't be making manual changes to iptables, which is what it looks like you were attempting to do. In the configuration for CSF for TCP Inbound and Outbound you need to add the SSH port you're trying to open. If you're trying to change the SSH port you also need to add it in the sshd_config at /etc/ssh/sshd_config
 

psytanium

I added the port number in Firewall configuration :
  • TCP_IN
  • TCP_OUT
  • UDP_IN
  • UDP_OUT
Saved and restarted both CSF and LFD, I opened the file /etc/ssh/sshd_config using nano. How and where can I add the port number ?

Thanks.
 

psytanium

I changed #port 22 to port 2224 in sshd_config, disabled FirewallD, enabled CSF, restarted CSF, LFD and the server.
Logged in to Godaddy dashboard, again red alert, Danger, the port 2224 is closed.

What other possibilities can we try ?

Thanks for the help.
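
The checks suggested in this thread (CSF testing mode, the port in TCP_IN, the iptables rule), combined with a listener check, since an external scan also reports a port as closed when no service is listening on it. This is an added example and not part of any post above; the function names and the sample data in `demo` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: offline checks for a port that still reports "closed".
# Function names and sample data are constructed for illustration.

# port_in_list PORT LIST: succeeds if PORT is in a CSF-style list ("22,80,2000:2100").
port_in_list() (
  set -f; IFS=','
  for item in $2; do
    case $item in
      *:*) [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ] && exit 0 ;;
      *)   [ "$item" = "$1" ] && exit 0 ;;
    esac
  done
  exit 1
)

# csf_value KEY FILE: prints the value of KEY = "..." from a csf.conf-style file.
csf_value() {
  sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# diagnose PORT CSF_CONF IPTABLES_LIST SS_LIST: prints one line per problem found.
diagnose() {
  [ "$(csf_value TESTING "$2")" = "0" ] || echo "csf: TESTING is not 0"
  port_in_list "$1" "$(csf_value TCP_IN "$2")" || echo "csf: $1 not in TCP_IN"
  grep -Eq "^ACCEPT +tcp .*dpt:$1( |\$)" "$3" || echo "iptables: no ACCEPT for tcp dpt:$1"
  grep -Eq "^LISTEN .*[:.]$1 " "$4" || echo "listener: nothing listening on tcp/$1"
  return 0
}

# demo: runs diagnose against constructed sample files (not taken from a real server).
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,80,443,2224"' > "$d/csf.conf"
  printf '%s\n' 'ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2224' > "$d/ipt"
  printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' > "$d/ss"
  diagnose 2224 "$d/csf.conf" "$d/ipt" "$d/ss"
  rm -rf "$d"
}
```

On a live server the inputs would be /etc/csf/csf.conf and the saved output of `iptables --list --numeric` and `ss -ltn`. The iptables check only matches single-port `dpt:` rules, not multiport ranges.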