Jul 25th, 2010
TCP and UDP Incoming and Outgoing Ports for cPanel Server Firewall
TCP and UDP Ports for cPanel Server Firewall
Incoming TCP ports
Outgoing TCP ports
Incoming UDP ports
Outgoing UDP ports
Ports that need to be opened for Plesk services
Generally it depends on what services are running on the server. All the default ports which can be used by Plesk/services are listed below:
If required you can always reset your default firewall settings via the AccountCenter.
Reference: http://parallels.com/
Changing Tomcat Java Connector Ports
The default port numbers for Coyote and Warp connectors in Parallels Plesk Panel are 9080 and 9008.
If you want Tomcat Java to work on other ports (e.g. 8090 and 8009), you should connect to the Parallels Plesk Panel database and add two parameters to the database as in the following example:
insert into misc (param,val) values ('warp_connector_port', '8009');
Note: It is recommended that you change the Tomcat Java ports right after Parallels Plesk Panel is installed on the server, or prior to enabling the Tomcat Java service for your domains.
Configuring Plesk firewall ports
Make sure these ports are opened for all Parallels Plesk Panel services to work with a firewall:
* 20 for ftp-data;
* 21 for ftp;
* 22 for ssh;
* 25 for smtp;
* 53 for dns (TCP and UDP);
* 80 for http (web server and Parallels Plesk Panel updater);
* 106 for poppassd (for localhost only);
* 110 for pop3;
* 113 for auth;
* 143 for imap;
* 443 for https;
* 465 for smtps;
* 587 for mail message submission;
* 990 for ftps;
* 993 for imaps;
* 995 for pop3s;
* 3306 for mysql;
* 5224 for (outgoing connections only) plesk-license-update;
* 5432 for postgres;
* 8443 for plesk-https;
* 8880 for plesk-http;
* 9080 for tomcat;
* 5224 for license updates.
Detect and close network ports that are not needed.
To get a list of listening network ports (TCP and UDP sockets), you can run the following command:
# netstat -tulp
Using nmap
# nmap -sTU [remote_host]
Starting Nmap 4.53 ( http://insecure.org ) at 2009-10-18 04:55 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 3196 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
953/tcp open rndc
53/udp open|filtered domain
68/udp open|filtered dhcpc
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 1.608 seconds
If you leave out the UDP port scan (drop the "U" from "-sTU"), nmap will finish the port scan immediately. A scan run on the local machine also completes very quickly.
Also note that nmap might not show all listening network sockets if a firewall is being used to block ports.
Another method to list all of the TCP and UDP sockets to which programs are listening is lsof:
# lsof -i -n | egrep 'COMMAND|LISTEN|UDP'
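As an added example (not from the original page), the listening sockets can be compared against the Plesk port list above, so that anything outside the list, or poppassd bound beyond localhost, stands out. It assumes numeric output from `netstat -tuln`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Ports the page lists for Plesk services. 5224 is outgoing-only, so it is
# deliberately absent: nothing should be listening on it.
PLESK_TCP="20 21 22 25 53 80 106 110 113 143 443 465 587 990 993 995 3306 5432 8443 8880 9080"
PLESK_UDP="53"          # the page lists DNS as the only TCP-and-UDP service
LOCAL_ONLY_TCP="106"    # poppassd: "for localhost only"

# audit_listeners: read `netstat -tuln` output on stdin, print one finding per line.
audit_listeners() {
    awk -v tcp="$PLESK_TCP" -v udp="$PLESK_UDP" -v lo="$LOCAL_ONLY_TCP" '
    BEGIN {
        n = split(tcp, a, " "); for (i = 1; i <= n; i++) ok["tcp", a[i]] = 1
        n = split(udp, a, " "); for (i = 1; i <= n; i++) ok["udp", a[i]] = 1
        n = split(lo,  a, " "); for (i = 1; i <= n; i++) local_only[a[i]] = 1
    }
    $1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)                 # fold tcp6/udp6 into tcp/udp
        if (proto == "tcp" && $6 != "LISTEN") next
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (!((proto, port) in ok))
            print "UNEXPECTED", proto, port, host
        else if (proto == "tcp" && (port in local_only) && host !~ /^(127\.|::1$)/)
            print "EXPOSED", proto, port, host
    }'
}

# Constructed sample input, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:106     0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:953   0.0.0.0:*         LISTEN
tcp6       0      0 :::8443         :::*              LISTEN
udp        0      0 0.0.0.0:53      0.0.0.0:*
udp        0      0 0.0.0.0:5353    0.0.0.0:*
EOF
}

sample_netstat | audit_listeners
```

On a live server, replace the sample with `netstat -tuln | audit_listeners`; each UNEXPECTED line is a candidate service to disable or to firewall.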
One of the most important tasks is to remove any network services from the system startup process that are not needed.
On Red Hat systems you can list all services which are started at bootup using the following command:
To permanently disable e.g. the runlevel service nfs, run:
To immediately disable the runlevel service nfs, run: