BuycPanel Blog

Set Up Your Firewall for No-Hassle Use of cPanel and WHM Services

Posted by Jamison on 17 11 2016.

cPanel and WHM install and manage many of the services on a system. To work fully, many of these services must be reachable on an external port, so you have to configure your firewall to let cPanel & WHM open and use the ports these services run on.

 

Keep in mind, though, that you want to limit your exposure to attacks, so open only the ports required by the services you actually use. Also, to make sure the server does not lock you out, confirm that your firewall configuration includes a setting that lets you log back in to the server.

 

Port Security 101

 

Whenever possible, use the SSL version of each service. Non-SSL services give attackers the opportunity to access, intercept, or steal sensitive information, such as your login credentials.

 

Also, prior to opening ports, make sure the services you want to use already have their SSL certificates installed in WHM’s Manage Service SSL Certificates interface.

 

Important notes on ports

 

Your system relies on many different ports for various services. However, some services require more attention and care, including the following:

 

  • FTP Port 20 and 21. Rather than regular FTP, use SFTP via SSH, since the latter has greater security.

 

  • SMTP Port 26. cPanel and WHM only use this port when you specify it in WHM’s Service Manager interface.

 

  • Bind Port 53. When running on a public DNS server, cPanel and WHM have to use this port.

 

  • RazorScanner Port 2073. When you want to use the spam tracker RazorScanner, you have to open this port.

 

  • WebDAV Port 2077. cPanel’s Web Disk interface uses this port.

 

  • WebDAV SSL Port 2078. Like port 2077, this port is used by cPanel’s Web Disk interface.

 

  • CalDAV/CardDAV Port 2079/2080. To fully use the Calendar and Contacts feature of cPanel, you should have these ports opened.

 

  • MySQL Port 3306. When you require MySQL for remote database connections, open this port.

 

CSF Sample Firewall Configuration

 

ConfigServer provides the CSF plugin free of charge to WHM users, who can use it to modify iptables rules. CSF is a stateful packet inspection (SPI) firewall that also provides login and intrusion detection and general security for Linux servers.

 

To change CSF’s configuration, use WHM’s ConfigServer & Firewall interface.

 

APF Sample Firewall Configuration

 

APF is a frontend for iptables that lets users open or close ports without having to use iptables syntax.

 

Add these two rules to the /etc/apf/conf.apf file so that HTTP/HTTPS can access the system:

 

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="80,443"
    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="80"
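
The port notes and the APF setting above can be checked together. This is an added example, not code from the original post, APF, or cPanel: a short Python audit of a conf.apf ingress list. It assumes SSH on port 22 as the port you need to log back in and "_" as the range separator; the sample config is constructed.

```python
import re

# Ports the article singles out; names follow its list.
PLAINTEXT = {20: "FTP", 21: "FTP", 2077: "WebDAV (non-SSL)"}
OPTIONAL = {26: "SMTP", 53: "Bind", 2073: "RazorScanner", 2078: "WebDAV SSL",
            2079: "CalDAV/CardDAV", 2080: "CalDAV/CardDAV", 3306: "MySQL"}
CURLY = "\u201c\u201d\u2033"  # quote characters left by pasting config from a web page


def parse_ports(conf_text, key="IG_TCP_CPORTS"):
    """Return (ports, problems) for the last KEY="..." assignment in conf_text."""
    ports, problems = set(), []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith(key + "="):
            continue
        value = line[len(key) + 1:]
        if any(c in value for c in CURLY):
            problems.append(f"{key}: curly quotes are not shell quotes, retype them as \"")
            value = re.sub(f"[{CURLY}]", '"', value)
        ports = set()
        for item in filter(None, value.strip('"').split(",")):
            lo, _, hi = item.strip().partition("_")  # assumed range syntax: 2077_2080
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports, problems


def audit(conf_text, admin_ports=(22,)):
    """List findings; admin_ports is an assumption (SSH on 22 to log back in)."""
    ports, findings = parse_ports(conf_text)
    for p in sorted(ports.intersection(PLAINTEXT)):
        findings.append(f"{p}: {PLAINTEXT[p]} is unencrypted, use the SSL or SSH alternative")
    for p in sorted(ports.intersection(OPTIONAL)):
        findings.append(f"{p}: {OPTIONAL[p]}, keep open only if you use the service")
    for p in admin_ports:
        if p not in ports:
            findings.append(f"{p}: admin port not in the list, you may lock yourself out")
    return findings


# Constructed sample, not taken from a real server.
SAMPLE = '''
IG_TCP_CPORTS="21,80,443,2077_2078,3306"
EG_TCP_CPORTS="80"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a copy of the file before restarting the firewall; an empty result means none of the ports noted above are open and the admin port is present.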

 

CentOS 7, CloudLinux 7, and RHEL 7 Sample Firewall Configuration

 

When your servers run CentOS 7, CloudLinux 7, or RHEL 7, you need to use the firewalld daemon.