Vahid
August 6th, 2008, 01:03
Which Firewall Ports are needed to be open on a cPanel/WHM Server
As a system admin today you have several choices to protect your system when it comes to picking a firewall. While all firewall products are probably a little different in functionality and setup, the one thing they have in common is that theyt provide you with the option open or close specific ports to protect your web server.
cPanel and WHM install and use a number of different services on your system. Many of these services require an outside connection to function properly. Therefore, specific ports in the firewall will need to be opened for these services to function properly. The following list is a starting point you can use to make your system secure. You should carefully review this list and make adjustments to meet your server needs accordingly.
Firewall Ports
20 FTP (Consider SFTP over SSH as is more secure than FTP)
21 FTP (Consider SFTP over SSH as is more secure than FTP)
22 SSH (Consider switching SSH to a different, non-standard port for security reasons)
25 SMTP (some ISPs block port 25 so that a mail client cannot reach the mail server to send mail)
26 SMTP (alternate SMTP port option – see notes for port 25)
37 rdate (needed to retrieve date and time information)
43 whois (part of generic DNS features)
53 bind (DNS)
80 http (Apache / Web)
110 POP3 (Email)
113 ident (authentication)
143 IMAP (Email)
443 https (Web / HTTP over SSL)
465 SMTP (TLS/SSL)
873 rsync (remote sync)
993 (IMAP SSL)
995 (POP3 SSL)
2083 cPanel (SSL encrypted)
2087 WHM (SSL encrypted)
2089 Licensing (Must be open to contact license server)
2096 Webmail (Horde, Squirrelmail)
3306 MySQL (MySQL remote connections)
This list should be a good starting point to secure your web server. Make sure to test carefully as otherwise server functionality might be at stake. Also make sure not to lock yourself out. I usually have a running SSH session + WHM at the same time, just to be safe.
As a system admin today you have several choices to protect your system when it comes to picking a firewall. While all firewall products are probably a little different in functionality and setup, the one thing they have in common is that theyt provide you with the option open or close specific ports to protect your web server.
cPanel and WHM install and use a number of different services on your system. Many of these services require an outside connection to function properly. Therefore, specific ports in the firewall will need to be opened for these services to function properly. The following list is a starting point you can use to make your system secure. You should carefully review this list and make adjustments to meet your server needs accordingly.
Firewall Ports
20 FTP (Consider SFTP over SSH as is more secure than FTP)
21 FTP (Consider SFTP over SSH as is more secure than FTP)
22 SSH (Consider switching SSH to a different, non-standard port for security reasons)
25 SMTP (some ISPs block port 25 so that a mail client cannot reach the mail server to send mail)
26 SMTP (alternate SMTP port option – see notes for port 25)
37 rdate (needed to retrieve date and time information)
43 whois (part of generic DNS features)
53 bind (DNS)
80 http (Apache / Web)
110 POP3 (Email)
113 ident (authentication)
143 IMAP (Email)
443 https (Web / HTTP over SSL)
465 SMTP (TLS/SSL)
873 rsync (remote sync)
993 (IMAP SSL)
995 (POP3 SSL)
2083 cPanel (SSL encrypted)
2087 WHM (SSL encrypted)
2089 Licensing (Must be open to contact license server)
2096 Webmail (Horde, Squirrelmail)
3306 MySQL (MySQL remote connections)
This list should be a good starting point to secure your web server. Make sure to test carefully as otherwise server functionality might be at stake. Also make sure not to lock yourself out. I usually have a running SSH session + WHM at the same time, just to be safe.