What are the ports I should leave open on my New Server?

Discussion in 'General Discussion' started by albertg, Sep 24, 2002.

  1. albertg

    albertg Well-Known Member
    PartnerNOC

    I am trying to set up a server to be as secure as possible. Can someone tell me which ports I should leave open?
    (the fewer the better, but main services have to work)

    I am using cPanel / WHM :)
     
  2. CGarson

    CGarson Well-Known Member

    2082 - cpanel
    2086 - whm
    25 - smtp
    110 - pop
    143 - imap
    22 - ssh
    443 - ssl
    2087 - ssl whm
    2095 - webmail
    2083 - ssl cpanel
    2096 - ssl webmail
    3306 - mysql
    21 - ftp
    53 - dns

    Maybe more, but that's all I can think of right now.
     
  3. bdraco

    bdraco Guest

    Originally posted by CGarson:

    > 2082 - cpanel
    > 2086 - whm
    > 25 - smtp
    > 110 - pop
    > 143 - imap
    > 22 - ssh
    > 443 - ssl
    > 2087 - ssl whm
    > 2095 - webmail
    > 2083 - ssl cpanel
    > 2096 - ssl webmail
    > 3306 - mysql
    > 21 - ftp
    > 53 - dns
    >
    > Maybe more, but that's all I can think of right now.

    2080-2099
     
  4. Juanra

    Juanra Well-Known Member

    80 - HTTP ;)
    465 - SMTP/SSL
    995 - POP3/SSL
    993 - IMAP/SSL
    6667 (not sure now) - Java Chat if you didn't disable it.

    FTP needs port 20 as well, doesn't it?
     
  5. CGarson

    CGarson Well-Known Member

    6667 is IRC chat, I don't think you want this one open. I don't think FTP needs port 20.
     
  6. ozzi4648

    ozzi4648 Guest

    Originally posted by CGarson:

    > 6667 is IRC chat, I don't think you want this one open. I don't think FTP needs port 20.

    Port 20 should be left open if Passive FTP is to be used on your server :p
     
  7. Haddy

    Haddy Registered

    How would you close these ports?
     
  8. maverick

    maverick Well-Known Member

    I'd like to know how to do this too. What program do you use to do this?

    Mav.
     
  9. casey

    casey Well-Known Member

    You'll need 5100 for ASP, and apparently 8080 and 8443 for JSP if you use them.
     
  10. casey

    casey Well-Known Member

  11. mitul

    mitul Well-Known Member

    List of ports used by cpanel

    21 ---> FTP ---> TCP
    22 ---> SSH ---> TCP
    25 ---> SMTP ---> TCP
    53 ---> DNS ---> TCP & UDP
    80 ---> HTTP ---> TCP
    110 ---> POP3 ---> TCP
    143 ---> IMAP ---> TCP
    443 ---> HTTPs ---> TCP
    465 ---> sSMTP ---> TCP
    993 ---> sIMAP ---> TCP
    995 ---> sPOP3 ---> TCP
    2082 ---> Cpanel ---> TCP
    2083 ---> secure Cpanel
    2086 ---> WHM ---> TCP
    2087 ---> secure WHM
    2095 ---> WebMail ---> TCP
    2096 ---> secure WebMail
    3306 ---> MySQL ---> TCP
    6666 ---> Melange ---> TCP
    7786 ---> Ichange ---> TCP
     
  12. wlandung

    wlandung Registered

    webhost backup

    Hi,

    I put a firewall in the box. Then I try to use the WHM, I try to add an account etc., and everything seems to be all right because changes are made in the /home directory.
    But when it comes to configuring backup, the WHM said the configuration has been saved daily. And then I wait until the next day but... no backup is made.
    I ask the support guys and they said that perhaps the firewall has blocked the backup script.

    Now the question is, what port do the backup scripts use?
    The ports you listed here are already open because I can access WHM and the other functions in the WHM seem normal because I can add an account through WHM...
    Only the backup scripts seem to be having a problem...

    Can somebody help me...

    wahyu
     
  13. trakwebster

    trakwebster Well-Known Member

    Let us suppose, for a moment, that this thread contains a workable list of the ports to keep open.

    The question was asked earlier, and I'd like to ask it again ...

    What is the best method of closing unneeded ports?

    (For those of us not running Bastille.)

    And, in some cases, would it be even more useful to uninstall certain unneeded programs?
     
  14. claudio

    claudio Well-Known Member

    Disable Unnecessary Ports :)

    First back up the file that contains your list of ports with:

    cp /etc/services /etc/services.original

    Now configure /etc/services so that it only has the ports you need in it. This will match the ports enabled in your firewall.

    Additional ports are controlled by /etc/rpc. These aren't generally needed, so get shot of that file with: mv /etc/rpc /etc/rpc-moved


    But now another question: after all that, should we reboot the machine in order for these changes to take effect?

    How can we be sure it worked?

    Regards to all

    Claudio
     
  15. bhcomjared

    bhcomjared Member

    CSF Firewall

    You can open/close your ports via the iptables rules (if you're running that). I've been working with CSF Firewall. What a wonderful program. It builds into cPanel, and you can change ALL your settings via WHM, including opening specific ports for TCP in and out, and UDP. You can also set up max allowed fails on protocols. You can really lock down security issues with it, plus you can do a security check to see how well you've got everything locked up.

    http://www.configserver.com/cp/csf.html

    I'm quite happy with our changeover. :D
     
  16. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Hey, you responded to a 3 year old thread :eek:
     
  17. bhcomjared

    bhcomjared Member

    lol I suppose I did :eek:, doesn't mean someone out there won't find it useful :) I troll the old posts to see if there might be answers to questions I might be facing ;)
     
  18. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Answers provided more than 9-12 months ago are likely to be inaccurate for modern builds of cPanel.
     
  19. Kent Brockman

    Kent Brockman Well-Known Member

    I agree. But, in that case, can you post an updated list of ports to leave open via firewall?

    I know about these lists used in CSF firewall:

    TCP_IN = 20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:35000

    TCP_OUT = 20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,30000:35000

    UDP_IN = 20,21,53,953,30000:35000

    UDP_OUT = 20,21,53,113,123,873,953,6277,30000:35000

    If you changed the SSH port to other than 21, replace 21 in TCP with your real port. Don't leave it open if you aren't using it.

    If you run a monolithic kernel (a VPS), ports 30000:35000 must be enabled in pure-ftpd in order to enable PASV mode. (Although, doing so, when the firewall is running I can upload files but cannot download files that have been uploaded prior to these settings, even if they have the same chmod attributes! :eek:)

    Is this list complete? Maybe some ports are missing?
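
One way to answer "How can we be sure it worked?" and to follow the "don't leave it open if you aren't using it" advice: compare the firewall's TCP_IN list with what is actually listening on the host. This is an added example, not part of any post in the thread and not CSF's own code; the function names are hypothetical, the TCP_IN value is the one quoted in the post above, and the socket listing is constructed sample data.

```python
# Added example: audit a CSF-style TCP_IN list against listening sockets.
import ipaddress

# TCP_IN value as quoted in the post above.
TCP_IN = ("20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,"
          "2082,2083,2086,2087,2095,2096,30000:35000")

# Constructed sample in the layout of `ss -H -tln` (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2087 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
"""

def parse_csf_ports(value):
    """Turn '22,80,30000:35000' into inclusive (low, high) ranges."""
    ranges = []
    for item in value.strip('"').split(","):
        low, _, high = item.strip().partition(":")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port entry: {item!r}")
        ranges.append((low, high))
    return ranges

def parse_listeners(ss_output):
    """Return {port: True if every listener on it is loopback-only}."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]
        loopback = host not in ("*", "") and ipaddress.ip_address(host).is_loopback
        listeners[int(port)] = listeners.get(int(port), True) and loopback
    return listeners

def audit(tcp_in, ss_output):
    """Return (allowed single ports with no listener, exposed ports not allowed)."""
    ranges = parse_csf_ports(tcp_in)
    listeners = parse_listeners(ss_output)
    exposed = {p for p, loopback_only in listeners.items() if not loopback_only}
    open_unused = sorted(a for a, b in ranges if a == b and a not in exposed)
    listening_blocked = sorted(p for p in exposed if not any(a <= p <= b for a, b in ranges))
    return open_unused, listening_blocked
```

On a real host, pass the output of `ss -H -tln` instead of the sample. The first list holds candidates to drop from TCP_IN; the second holds services that are running but that the firewall list does not admit.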
     
  20. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Up to date information for the ports needed for a cPanel/WHM server can be found at:

    http://blog.cpanel.net/?p=55
     