Sometimes, it’s confusing which server ports should be open when setting up a server. Hopefully, this introduction to the ports that I generally keep open on a WHM/cPanel server running web, database, email, etc. services will help. Within WHM/cPanel I use the ConfigServer Security & Firewall script to manage my firewall port access and server security.
Do keep in mind to only have the ports open that you need. If you’re not needing or running a particular service, turn off that service and disable the port.
Incoming TCP Ports
| Port | TCP | UDP | Description | Status |
|---|---|---|---|---|
| 20 | TCP | UDP | FTP—data transfer | Official |
| 21 | TCP | UDP | FTP—control (command) | Official |
| 22 | TCP | UDP | Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding | Official |
| 25 | TCP | Simple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail servers | Official | |
| 26 | TCP | UDP | Unassigned, often used as alternate SMTP | Official |
| 53 | TCP | UDP | Domain Name System (DNS) | Official |
| 80 | TCP | UDP | Hypertext Transfer Protocol (HTTP) | Official |
| 110 | TCP | Post Office Protocol v3 (POP3) | Official | |
| 143 | TCP | Internet Message Access Protocol (IMAP)—management of email messages | Official | |
| 443 | TCP | HTTPS (Hypertext Transfer Protocol over SSL/TLS) | Official | |
| 465 | TCP | SMTP over SSL | Unofficial | |
| 953 | TCP | UDP | Domain Name System (DNS) RNDC Service | Unofficial |
| 993 | TCP | Internet Message Access Protocol over SSL (IMAPS) | Official | |
| 995 | TCP | Post Office Protocol 3 over TLS/SSL (POP3S) | Official | |
| 2077 | TCP | Webdisk | Unofficial | |
| 2078 | TCP | Webdisk SSL | Unofficial | |
| 2082 | TCP | CPanel default | Unofficial | |
| 2083 | TCP | CPanel default SSL | Unofficial | |
| 2086 | TCP | WebHost Manager default | Unofficial | |
| 2087 | TCP | WebHost Manager default SSL | Unofficial | |
| 2095 | TCP | CPanel default Web mail | Unofficial | |
| 2096 | TCP | CPanel default SSL Web mail | Unofficial | |
| 30000:35000 | TCP | Needed pure-ftpd enabled PASV | Unofficial |
Outgoing TCP Ports
| Port | TCP | UDP | Description | Status |
|---|---|---|---|---|
| 20 | TCP | UDP | FTP—data transfer | Official |
| 21 | TCP | UDP | FTP—control (command) | Official |
| 22 | TCP | UDP | Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding | Official |
| 25 | TCP | Simple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail servers | Official | |
| 37 | TCP | UDP | TIME protocol | Official |
| 43 | TCP | WHOIS protocol | Official | |
| 53 | TCP | UDP | Domain Name System (DNS) | Official |
| 80 | TCP | UDP | Hypertext Transfer Protocol (HTTP) | Official |
| 110 | TCP | Post Office Protocol v3 (POP3) | Official | |
| 113 | TCP | UDP | ident—Authentication Service/Identification Protocol, used by IRC servers to identify users | Official |
| 143 | TCP | Internet Message Access Protocol (IMAP)—management of email messages | Official | |
| 443 | TCP | HTTPS (Hypertext Transfer Protocol over SSL/TLS) | Official | |
| 587 | TCP | e-mail message submission (SMTP) | Official | |
| 873 | TCP | UDP | rsync file synchronisation protocol | Official USA only |
| 995 | TCP | Post Office Protocol 3 over TLS/SSL (POP3S) | Official | |
| 2087 | TCP | WebHost Manager default SSL | Unofficial | |
| 2089 | TCP | cPanel License Update | Unofficial | |
| 2703 | TCP | 2703 Razor email scanning | Unofficial |
Incoming UDP Ports
| Port | TCP | UDP | Description | Status |
|---|---|---|---|---|
| 20 | TCP | UDP | FTP—data transfer | Official |
| 21 | TCP | UDP | FTP—control (command) | Official |
| 53 | TCP | UDP | Domain Name System (DNS) | Official |
Outgoing UDP Ports
| Port | TCP | UDP | Description | Status |
|---|---|---|---|---|
| 20 | TCP | UDP | FTP—data transfer | Official |
| 21 | TCP | UDP | FTP—control (command) | Official |
| 53 | TCP | UDP | Domain Name System (DNS) | Official |
| 113 | TCP | UDP | ident—Authentication Service/Identification Protocol, used by IRC servers to identify users | Official |
| 123 | UDP | Network Time Protocol (NTP)—used for time synchronization | Official | |
| 873 | TCP | UDP | rsync file synchronisation protocol | Official USA only |
| 6277 | UDP | Distributed Checksum Clearinghouses (anti-spam) | Unofficial |
If you’re just starting out, I highly recommend using the Medium pre-configured setting in ConfigServer Security & Firewall. You’ll stop much of the potential pains in being a server administrator while you learn more about adjusting it to your specific needs.
Port details referenced from List of TCP and UDP port numbers on Wikipedia.
Related Entries
About Michael Cannon
Hello, I'm Michael Cannon, Peichi's smiling man, an adventurous water-rat, chief technology officer, cyclist, poet, WWOOF'er and world traveler.
