What should iptables config be?

Discussion in 'Security' started by marklewis, Aug 9, 2014.

  1. marklewis

    marklewis Registered

    Since a week ago I have not been able to access WHM and cPanel via the usual ports from any location (not ISP blocked). I can access via the whm. and cpanel. URLs and via SSH.

    It looks like iptables is turned on with a default configuration that does not allow the cPanel ports.

    I originally installed cPanel on CentOS with chkconfig iptables off and service iptables stop as recommended, and it has been working OK for years.

    Does the standard cPanel install leave iptables turned off or configure it to allow access?

    How have I now got a default iptables configuration active without having made any changes via shell or WHM?
     
  2. 24x7server

    24x7server Well-Known Member

    Hello,

    There are no default iptables rules for a cPanel server. You will have to enable the following ports in your server firewall so that you will not get any issues when iptables is started on your server:


    Code:
        
    2082 cPanel TCP inbound
    2083 cPanel SSL TCP inbound
    2086 WHM TCP inbound
    2087 WHM SSL TCP inbound
    2089 cPanel license TCP outbound
    2095 Webmail TCP inbound
    2096 Webmail SSL TCP inbound
     
  3. marklewis

    marklewis Registered

    After a standard cPanel install, is iptables left switched off?

    If so how has it switched back on? Would an automatic software update have caused that?
     
  4. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Hello,

    cPanel does NOTHING with a firewall. We do absolutely zero configuration for that. So whatever firewall you have installed at the time of the OS install is what you're using.

    Please type the following:

    Code:
    iptables -L -n --line-numbers | grep :208
    
    That should list all rules with ports in the 208x range (2082-2087... etc...)
    And their current status: ACCEPT or DROP
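
Added example, not part of the posts above and not cPanel's own tooling: a shell function that reads iptables -S INPUT output and reports, for each inbound port in the list posted earlier in this thread, the target of the first rule that decides it. The ruleset is a constructed sample and the name check_cpanel_ports is hypothetical; only unconditional rules and -p tcp --dport/--dports rules are evaluated.

```shell
# Inbound TCP ports from the list posted in this thread.
CPANEL_INBOUND_PORTS="2082 2083 2086 2087 2095 2096"
# Constructed sample in `iptables -S INPUT` format (not taken from the thread).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 2082,2083,2086:2087 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Reads `iptables -S INPUT` output on stdin; prints "PORT VERDICT" per port.
# VERDICT is the target of the first deciding rule (first match wins), or
# "policy:<X>" if none decides. Assumption: source/interface limits, negations
# and jumps to user-defined chains are ignored.
check_cpanel_ports() {
  awk -v ports="$CPANEL_INBOUND_PORTS" '
    function covers(spec, port,   n, i, parts, r) {
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) {
        if (split(parts[i], r, ":") == 2) {
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        } else if (parts[i] + 0 == port + 0) return 1
      }
      return 0
    }
    BEGIN { np = split(ports, want, " ") }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      spec = ""; target = ""; tcp = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
        if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      for (p = 1; p <= np; p++) {
        if (want[p] in verdict) continue
        if ($3 == "-j" || (tcp && spec != "" && covers(spec, want[p])))
          verdict[want[p]] = target
      }
    }
    END {
      for (p = 1; p <= np; p++)
        print want[p], ((want[p] in verdict) ? verdict[want[p]] : "policy:" policy)
    }'
}
printf '%s\n' "$SAMPLE_RULES" | check_cpanel_ports
```

On a live server the same function can be fed the running ruleset as root: iptables -S INPUT | check_cpanel_ports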
     
  5. marklewis

    marklewis Registered

    I originally installed cPanel on CentOS with chkconfig iptables off, as per the installation instructions, so have I been using the server for years with it off? Is that recommended?

    If it was off, how has it switched back on? No one has done that manually.
     
  6. Quick Strike

    Quick Strike Registered

    Most likely you were running bare. You should try to install csf firewall.
     
  7. marklewis

    marklewis Registered

    Given that I can access WHM and cPanel using the whm. and cpanel. HTTPS URLs, is there any problem with not having the custom ports open?

    My iptables now appears to be the original CentOS default which allows all the standard ports. I suspect a recent automatic reboot reinstalled that.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    The cPanel ports are open for traffic if you are able to access them without the use of the proxy subdomains feature. I suggest using a firewall management utility such as CSF to help manage your firewall rules.

    Thank you.
     