Opening the right ports for cPanel

[disappointed]

I wrote Iptables and made the mistake of blocking the cpanel corp cpanel failed to restart there is a Licensing Server that checks your copy on that server. it did not happen at once it started to faile in about 15 to 20 min. it does check to see if your valid.

If you block them your server fails to restart properly. you can still get in and fix it and the data center tells you what ports have to be open and ips have to be allowed in for the licensing server. With these blocks in place you cant get support or updates as well so you cripple the server, so you have to accept these connections.

# Cpanel Corp

iptables -A INPUT -s 198.66.78.2 -j ACCEPT
iptables -A INPUT -s 208.100.4.101 -j ACCEPT
iptables -A INPUT -s 208.74.121.100 -j ACCEPT
iptables -A INPUT -s 208.74.121.101 -j ACCEPT
iptables -A INPUT -s 208.74.121.102 -j ACCEPT
iptables -A INPUT -s 209.188.92.54 -j ACCEPT
iptables -A INPUT -s 216.104.43.138 -j ACCEPT
iptables -A INPUT -s 8.10.120.130 -j ACCEPT
iptables -A INPUT -s 64.50.161.11 -j ACCEPT
iptables -A INPUT -s 67.159.2.2 -j ACCEPT
iptables -A INPUT -s 67.205.110.4 -j ACCEPT
iptables -A INPUT -s 67.222.0.10 -j ACCEPT
iptables -A INPUT -s 67.227.128.74 -j ACCEPT
iptables -A INPUT -s 69.50.192.73 -j ACCEPT
iptables -A INPUT -s 69.72.212.10 -j ACCEPT
iptables -A INPUT -s 69.72.212.11 -j ACCEPT
iptables -A INPUT -s 69.90.250.34 -j ACCEPT
iptables -A INPUT -s 69.90.250.35 -j ACCEPT
iptables -A INPUT -s 70.87.220.252 -j ACCEPT
iptables -A INPUT -s 72.36.255.218 -j ACCEPT
iptables -A INPUT -s 72.233.42.250 -j ACCEPT
iptables -A INPUT -s 74.50.120.123 -j ACCEPT
iptables -A INPUT -s 74.200.65.162 -j ACCEPT
iptables -A INPUT -s 74.200.212.130 -j ACCEPT
iptables -A INPUT -s 75.126.236.226 -j ACCEPT
iptables -A INPUT -s 75.127.84.226 -j ACCEPT
iptables -A INPUT -s 208.74.121.39 -j ACCEPT
iptables -A INPUT -s 208.74.123.20 -j ACCEPT
iptables -A INPUT -s 208.82.118.100 -j ACCEPT
iptables -A INPUT -s 208.109.109.239 -j ACCEPT
iptables -A INPUT -s 209.85.80.214 -j ACCEPT

 

[cPanelTristan]

I've moved your post to a new thread as it was a different topic than the original thread. Please ensure to review a thread prior to posting to ensure the information is relevant to that thread. If it is not, please open up a new thread for such information.

 

[JaredR.]

Instead of opening access to certain IP addresses - which are subject to change - a better method may be to simply open outbound access from port 2089, which is the licensing port. cpkeyclt, which updates the license, will also try other ports, like port 80, if it is not able to connect to remote servers on port 2089. The following section of our documentation contains a complete list of ports that should be open in a firewall on a cPanel server:

Linux FAQ