Archive for the tag 'ports'

TCP and UDP Ports for Cpanel Server Firewall

Incoming TCP ports

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"

Outgoing TCP ports

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703"

Incoming UDP ports

UDP_IN = "20,21,53"

Outgoing UDP ports

UDP_OUT = "20,21,53,113,123,873,6277"
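
The lists above are only an allow-list; what makes them meaningful is the default-deny policy CSF puts behind them. As an added example (not code from the original post or from CSF itself), the script below expands CSF-style TCP_IN/UDP_IN strings into the iptables INPUT rules they stand for, after validating every entry (single ports or the start:end ranges csf.conf accepts, e.g. for passive FTP). The cPanel lists above are used as-is; the deliberately bad list at the end is made up for the demonstration. Nothing is applied: the rules are printed for review.

```shell
#!/bin/sh
# Added example, not code from the original post or from CSF: expand the
# CSF-style allow-lists into the iptables INPUT rules they stand for.
# The rules are printed, not applied, so they can be reviewed first.

TCP_IN="20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"
UDP_IN="20,21,53"

# valid_port_spec SPEC: accept a single port or a start:end range (the form
# csf.conf uses for passive FTP ranges); everything else is rejected.
valid_port_spec() {
    case "$1" in
        ""|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# csf_to_iptables PROTO LIST: one ACCEPT rule per valid, de-duplicated entry.
# Invalid entries are reported on stderr and skipped rather than silently
# turned into a rule that matches nothing (or far more than intended).
csf_to_iptables() {
    proto=$1
    printf '%s\n' "$2" | tr ',' '\n' | awk 'NF && !seen[$0]++' |
    while read -r spec; do
        if valid_port_spec "$spec"; then
            echo "iptables -A INPUT -p $proto --dport $spec -m conntrack --ctstate NEW -j ACCEPT"
        else
            echo "# rejected $proto entry: '$spec'" >&2
        fi
    done
}

# build_input_policy: default-deny INPUT, then loopback, established traffic
# and finally the allow-listed ports. Without the DROP policy an allow-list
# is meaningless, which is the whole point of TCP_IN/UDP_IN.
build_input_policy() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    csf_to_iptables tcp "$TCP_IN"
    csf_to_iptables udp "$UDP_IN"
}

build_input_policy
# A deliberately bad list (made up for the demonstration): only 22 and the
# 30000:35000 range survive validation; the rest are reported on stderr.
csf_to_iptables tcp "22,22,99999,abc,22:,1:2:3,30000:35000"
```

Run it and diff the output against `iptables -S INPUT` on the host to see whether the live ruleset still matches csf.conf; entries rejected on stderr are the ones CSF would also have had to guess about.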

Ports need to be opened for Plesk services

Generally it depends on what services are running on the server. All the default ports which can be used by Plesk/services are listed below:

#20 ftp-data
#21 ftp
#22 ssh
#25 smtp
#53 dns (TCP and UDP)
#80 http (web server and Plesk updater)
#106 poppassd (for localhost only)
#110 pop3
#113 auth
#143 imap
#443 https
#465 smtps
#587 mail message submission
#990 ftps
#993 imaps
#995 pop3s
#3306 mysql
#5224 (outgoing connections only) plesk-license-update
#5432 postgres
#8443 plesk-https
#8880 plesk-http
#9080 tomcat

If required you can always reset your default firewall settings via the AccountCenter.

Reference: http://parallels.com/

Changing Tomcat Java Connector Ports

The default port numbers for Coyote and Warp connectors in Parallels Plesk Panel are 9080 and 9008.

If you want Tomcat Java to work on other ports (e.g. 8090 and 8009), connect to the Parallels Plesk Panel database (psa) and add two parameters to the misc table, as in the following example:

insert into misc (param,val) values ('coyote_connector_port', '8090');

insert into misc (param,val) values ('warp_connector_port', '8009');

Note: It is recommended that you change the Tomcat Java ports right after Parallels Plesk Panel is installed on server, or prior to enabling the Tomcat Java service for your domains.

SBDavid

Plesk firewall ports

Configuring the firewall for Plesk

Make sure these ports are opened for all Parallels Plesk Panel services to work with a firewall:

* 20 for ftp-data;
* 21 for ftp;
* 22 for ssh;
* 25 for smtp;
* 53 for dns (TCP and UDP);
* 80 for http (web server and Parallels Plesk Panel updater);
* 106 for poppassd (for localhost only);
* 110 for pop3;
* 113 for auth;
* 143 for imap;
* 443 for https;
* 465 for smtps;
* 587 for mail message submission;
* 990 for ftps;
* 993 for imaps;
* 995 for pop3s;
* 3306 for mysql;
* 5224 for (outgoing connections only) plesk-license-update;
* 5432 for postgres;
* 8443 for plesk-https;
* 8880 for plesk-http;
* 9080 for tomcat.

Detect and close network ports that are not needed.

To get a list of listening network ports (TCP and UDP sockets), you can run the following command:

# netstat -tulp

# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.locald:domain *:* LISTEN 4521/named
tcp 0 0 localhost.localdoma:953 *:* LISTEN 4521/named
tcp6 0 0 [::]:ssh [::]:* LISTEN 4553/sshd
tcp6 0 0 ::1%134628752:953 [::]:* LISTEN 4521/named
udp 0 0 *:domain *:* 4521/named
udp 0 0 localhost.locald:domain *:* 4521/named
udp 0 0 *:bootpc *:* 4884/dhclient
udp 0 0 *:34787 *:* 4574/avahi-daemon:
udp 0 0 *:mdns *:* 4574/avahi-daemon:
udp6 0 0 [::]:38224 [::]:* 4521/named

Using nmap

# nmap -sTU [remote_host]

# nmap -sTU 127.0.0.1

Starting Nmap 4.53 ( http://insecure.org ) at 2009-10-18 04:55 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 3196 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
953/tcp open rndc
53/udp open|filtered domain
68/udp open|filtered dhcpc
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.608 seconds

If you drop the UDP part of the scan (leave out "-sU" and run only "-sT"), nmap finishes much faster: closed and filtered UDP ports rarely answer, so the UDP scan has to wait for timeouts on every port. Scanning the local machine is also very fast.

Also note that nmap only reports what it can reach: run from another host it shows the ports the firewall lets through, so it might not show all listening sockets if a firewall is blocking them. Compare its output with netstat or lsof on the host itself.

Another method to list all of the TCP and UDP sockets to which programs are listening is lsof:

# lsof -i -n | egrep 'COMMAND|LISTEN|UDP'

# lsof -i -n | egrep 'COMMAND|LISTEN|UDP'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 4521 bind 20u IPv4 12381 TCP 127.0.0.1:domain (LISTEN)
named 4521 bind 21u IPv4 12392 TCP 127.0.0.1:953 (LISTEN)
named 4521 bind 22u IPv6 12393 TCP [::1]:953 (LISTEN)
named 4521 bind 512u IPv4 12380 UDP 127.0.0.1:domain
named 4521 bind 513u IPv4 12382 UDP *:domain
named 4521 bind 514u IPv6 12383 UDP *:38224
sshd 4553 root 3u IPv6 12423 TCP *:ssh (LISTEN)
avahi-dae 4574 avahi 14u IPv4 12466 UDP *:mdns
avahi-dae 4574 avahi 15u IPv4 12467 UDP *:34787
dhclient 4884 dhcp 6u IPv4 13547 UDP *:bootpc
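
What the netstat and lsof listings do not tell you is which of those sockets matter: a daemon bound to 127.0.0.1 is unreachable from the network, while one bound to all interfaces is protected only by the firewall. As an added example (not code from the original post), the script below reads `netstat -tulpn` output (the -n flag is assumed so ports are numeric and no /etc/services lookup is needed) and classifies every listener as LOCAL, ALLOWED or UNLISTED against the CSF TCP_IN/UDP_IN lists from the cPanel post at the top of this page. The netstat output embedded in it is constructed to resemble the sample above, with a MySQL listener added; it was not captured from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post: classify every listening
# socket in `netstat -tulpn` output against the CSF allow-lists quoted at the
# top of this page.

TCP_IN="20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2242"
UDP_IN="20,21,53"

# audit_listeners TCP_IN UDP_IN   (reads `netstat -tulpn` output on stdin)
#   LOCAL    bound to 127.0.0.1 or ::1 only: not reachable from the network
#   ALLOWED  bound to all interfaces and present in the allow-list
#   UNLISTED bound to all interfaces but not in the allow-list: only the
#            firewall stands between it and the network; stop it if unneeded
audit_listeners() {
    awk -v tcp_in="$1" -v udp_in="$2" '
    function load(list, arr,    n, i, parts) {
        n = split(list, parts, ",")
        for (i = 1; i <= n; i++) if (parts[i] != "") arr[parts[i]] = 1
    }
    # a port is allowed if listed directly or inside a start:end range
    function allowed(arr, port,    k, r) {
        if (port in arr) return 1
        for (k in arr) if (index(k, ":")) {
            split(k, r, ":")
            if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        }
        return 0
    }
    BEGIN { split("", tcp); split("", udp); load(tcp_in, tcp); load(udp_in, udp) }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)
        # "Local Address" is $4 for both tcp (7 fields) and udp (6, no State);
        # the port is whatever follows the last colon, also for :::22 / ::1:953
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        prog = $NF; sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
        if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]")
            status = "LOCAL"
        else if (proto == "tcp" ? allowed(tcp, port) : allowed(udp, port))
            status = "ALLOWED"
        else
            status = "UNLISTED"
        printf "%-8s %s/%-5s %s\n", status, proto, port, prog
    }'
}

# Constructed sample of `netstat -tulpn` output (modelled on the listing in
# the post, with a MySQL listener added); not captured from a real host.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4521/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      4521/named
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      5123/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      4553/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      4521/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           4521/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4521/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           4884/dhclient
udp        0      0 0.0.0.0:34787           0.0.0.0:*                           4574/avahi-daemon:
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           4574/avahi-daemon:
udp6       0      0 :::38224                :::*                                4521/named'

# count_status STATUS: how many sample listeners fall into one class
count_status() {
    printf '%s\n' "$SAMPLE" | audit_listeners "$TCP_IN" "$UDP_IN" | grep -c "^$1"
}

printf '%s\n' "$SAMPLE" | audit_listeners "$TCP_IN" "$UDP_IN"
```

On a live host replace the sample with `netstat -tulpn | audit_listeners "$TCP_IN" "$UDP_IN"`; every UNLISTED line is a service that is either missing from the firewall configuration or, more often, should not be running at all (avahi-daemon and the DHCP client on a server with a static address are the usual suspects).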

One of the most important tasks is to remove any network services from the system startup process that are not needed.

On Red Hat systems you can list all services which are started at bootup using the following command:

chkconfig --list | grep ':on'

To permanently disable e.g. the runlevel service nfs, run:

chkconfig nfs off

To immediately disable the runlevel service nfs, run:

/etc/init.d/nfs stop
