Ports to keep open
APF Conf File
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"

# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,26,37,43,53,80,113,465,873,2089,3306"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"

# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
Non APF Firewalls
Ports that must be open to run cPanel behind a firewall:

port   service        protocol   direction
20     ftp            tcp        inbound/outbound
21     ftp            tcp,udp    inbound/outbound
22     ssh            tcp        inbound
25     smtp           tcp        inbound/outbound
26     smtp           tcp        inbound/outbound
37     rdate          tcp        outbound
43     whois          tcp        outbound
53     DNS            tcp/udp    inbound/outbound (inbound is only needed if you run your own public DNS server)
80     http           tcp        inbound/outbound
110    pop3           tcp        inbound
113    ident          tcp        outbound
143    imap4          tcp        inbound
443    https          tcp        inbound
465    smtp tls/ssl   tcp/udp    inbound/outbound
873    rsync          tcp/udp    outbound
993    imap4 ssl      tcp        inbound
995    pop3 ssl       tcp        inbound
2082   cpanel         tcp        inbound
2083   cpanel ssl     tcp        inbound
2086   whm            tcp        inbound
2087   whm ssl        tcp        inbound
2089   cp licence     tcp        outbound
2095   Webmail        tcp        inbound
2096   Webmail SSL    tcp        inbound
3306   mysql          tcp        (only if you need to connect remotely)
6666   chat           tcp        inbound
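As an added example (not part of the original page), the script below audits the IG_TCP_CPORTS line of an APF configuration against the inbound TCP ports in the table above, flagging the two ports the table marks as conditional (53 and 3306), anything outside the table, and anything missing. The function names, the REQUIRED/CONDITIONAL split and the sample configuration are constructed for illustration; it assumes the last assignment in the file is the one that takes effect.

```shell
#!/bin/sh
# Added example: audit APF's inbound TCP list against the page's port table.

# Inbound TCP ports the table lists without a condition.
REQUIRED="20 21 22 25 26 80 110 143 443 465 993 995 2082 2083 2086 2087 2095 2096 6666"
# Ports the table qualifies: 53 inbound (own public DNS only), 3306 (remote MySQL only).
CONDITIONAL="53 3306"

# Print the entries of one APF list variable, one per line, duplicates removed.
# $1 = configuration file, $2 = variable name. Commented-out assignments are
# skipped; stray spaces inside the quoted list are tolerated.
apf_ports() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1 |
        tr ', \t' '\n\n\n' | awk 'NF && !seen[$0]++'
}

# Emit one line per finding:
#   review <port>      open, but only needed under the table's stated condition
#   unexpected <entry> open, but not an inbound TCP port in the table
#   missing <port>     in the table, but not open
audit_apf() {
    open=$(apf_ports "$1" IG_TCP_CPORTS | tr '\n' ' ')
    for p in $open; do
        case " $REQUIRED " in *" $p "*) continue ;; esac
        case " $CONDITIONAL " in
            *" $p "*) echo "review $p" ;;
            *)        echo "unexpected $p" ;;
        esac
    done
    for p in $REQUIRED; do
        case " $open " in *" $p "*) ;; *) echo "missing $p" ;; esac
    done
}

# Constructed sample: the page's list with 995 dropped and 8080 added.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Common ingress (inbound) TCP ports
# IG_TCP_CPORTS="22"
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,2082, 2083,2086,2087,2095,2096,3306,6666,8080"
EOF
audit_apf "$SAMPLE"
```

Entries that are not in the table, including any that are not plain port numbers, are reported as unexpected rather than silently accepted.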
IPTables
#Cpanel Specific Ports
# Rules are appended to a user-defined chain named ptcp, which must already exist.
iptables -A ptcp -p tcp --dport 206 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 208 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2082 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2083 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2086 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2087 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2095 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2096 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2083 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2080 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 2085 -m state --state NEW -j ACCEPT
iptables -A ptcp -p tcp --dport 8443 -m state --state NEW -j ACCEPT
#/Cpanel Specific Ports








