Opening the right ports for cPanel

Discussion in 'Security' started by disappointed, Jan 15, 2012.

  1. disappointed

    disappointed Active Member

    I wrote iptables and made the mistake of blocking the cPanel corp. cPanel failed to restart; there is a licensing server that checks your copy on that server. It did not happen at once; it started to fail in about 15 to 20 min. It does check to see if you're valid.

    If you block them, your server fails to restart properly. You can still get in and fix it, and the data center tells you what ports have to be open and what IPs have to be allowed in for the licensing server. With these blocks in place you can't get support or updates as well, so you cripple the server, so you have to accept these connections.

    # Cpanel Corp

    iptables -A INPUT -s 198.66.78.2 -j ACCEPT
    iptables -A INPUT -s 208.100.4.101 -j ACCEPT
    iptables -A INPUT -s 208.74.121.100 -j ACCEPT
    iptables -A INPUT -s 208.74.121.101 -j ACCEPT
    iptables -A INPUT -s 208.74.121.102 -j ACCEPT
    iptables -A INPUT -s 209.188.92.54 -j ACCEPT
    iptables -A INPUT -s 216.104.43.138 -j ACCEPT
    iptables -A INPUT -s 8.10.120.130 -j ACCEPT
    iptables -A INPUT -s 64.50.161.11 -j ACCEPT
    iptables -A INPUT -s 67.159.2.2 -j ACCEPT
    iptables -A INPUT -s 67.205.110.4 -j ACCEPT
    iptables -A INPUT -s 67.222.0.10 -j ACCEPT
    iptables -A INPUT -s 67.227.128.74 -j ACCEPT
    iptables -A INPUT -s 69.50.192.73 -j ACCEPT
    iptables -A INPUT -s 69.72.212.10 -j ACCEPT
    iptables -A INPUT -s 69.72.212.11 -j ACCEPT
    iptables -A INPUT -s 69.90.250.34 -j ACCEPT
    iptables -A INPUT -s 69.90.250.35 -j ACCEPT
    iptables -A INPUT -s 70.87.220.252 -j ACCEPT
    iptables -A INPUT -s 72.36.255.218 -j ACCEPT
    iptables -A INPUT -s 72.233.42.250 -j ACCEPT
    iptables -A INPUT -s 74.50.120.123 -j ACCEPT
    iptables -A INPUT -s 74.200.65.162 -j ACCEPT
    iptables -A INPUT -s 74.200.212.130 -j ACCEPT
    iptables -A INPUT -s 75.126.236.226 -j ACCEPT
    iptables -A INPUT -s 75.127.84.226 -j ACCEPT
    iptables -A INPUT -s 208.74.121.39 -j ACCEPT
    iptables -A INPUT -s 208.74.123.20 -j ACCEPT
    iptables -A INPUT -s 208.82.118.100 -j ACCEPT
    iptables -A INPUT -s 208.109.109.239 -j ACCEPT
    iptables -A INPUT -s 209.85.80.214 -j ACCEPT
     
    #1 disappointed, Jan 15, 2012
    Last edited: Jan 15, 2012
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    I've moved your post to a new thread as it was a different topic than the original thread. Please ensure to review a thread prior to posting to ensure the information is relevant to that thread. If it is not, please open up a new thread for such information.
     
  3. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Instead of opening access to certain IP addresses - which are subject to change - a better method may be to simply open outbound access from port 2089, which is the licensing port. cpkeyclt, which updates the license, will also try other ports, like port 80, if it is not able to connect to remote servers on port 2089. The following section of our documentation contains a complete list of ports that should be open in a firewall on a cPanel server:

    Linux FAQ
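
As an added example (not posted by anyone in this thread, and not cPanel's own configuration), the port-based approach from the last reply can be written as outbound rules plus one stateful return rule, so no inbound allow-by-source-IP rules are needed. It assumes 2089 and 80 are destination ports on the remote servers, that INPUT and OUTPUT default to DROP, and that DNS is allowed elsewhere; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: port-based rules for cPanel licensing traffic (not from the thread).
# Assumption: 2089 (licensing) and 80 (cpkeyclt fallback) are *destination* ports
# on the remote servers, and the INPUT/OUTPUT chains default to DROP.
LICENSE_PORTS="2089 80"

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one iptables rule spec per line (chain + match + target, no -A/-C).
license_rules() {
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    # Replies to connections this server opened; replaces the per-IP INPUT ACCEPTs.
    echo "INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    for port in "$@"; do
        echo "OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    done
}

# Append each rule only if an identical one is not already loaded (idempotent).
apply_rules() {
    license_rules "$@" >/dev/null || return 1
    license_rules "$@" | while read -r spec; do
        # shellcheck disable=SC2086  # word splitting of $spec is intended
        iptables -C $spec 2>/dev/null || iptables -A $spec
    done
}

# Default is a dry run that prints the commands; pass --apply (as root) to load them.
if [ "${1:-}" = "--apply" ]; then
    apply_rules $LICENSE_PORTS
else
    license_rules $LICENSE_PORTS | sed 's/^/iptables -A /'
fi
```

Because `-A` appends, these rules only take effect if they land before any explicit DROP or REJECT rule in the same chain. Matching on port alone permits outbound connections to any host on 2089 and 80, which is the trade-off for not tracking addresses that change.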
     