Sometimes, it’s confusing which server ports should be open when setting up a server. Hopefully, this introduction to the ports that I generally keep open on a WHM/cPanel server running web, database, email, etc. services will help. Within WHM/cPanel I use the ConfigServer Security & Firewall script to manage my firewall port access and server security.
Do keep in mind to only have the ports open that you need. If you’re not needing or running a particular service, turn off that service and disable the port.
Incoming TCP Ports
Port | TCP | UDP | Description | Status |
---|---|---|---|---|
20 | TCP | UDP | FTP—data transfer | Official |
21 | TCP | UDP | FTP—control (command) | Official |
22 | TCP | UDP | Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding | Official |
25 | TCP | Simple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail servers | Official | |
26 | TCP | UDP | Unassigned, often used as alternate SMTP | Official |
53 | TCP | UDP | Domain Name System (DNS) | Official |
80 | TCP | UDP | Hypertext Transfer Protocol (HTTP) | Official |
110 | TCP | Post Office Protocol v3 (POP3) | Official | |
143 | TCP | Internet Message Access Protocol (IMAP)—management of email messages | Official | |
443 | TCP | HTTPS (Hypertext Transfer Protocol over SSL/TLS) | Official | |
465 | TCP | SMTP over SSL | Unofficial | |
953 | TCP | UDP | Domain Name System (DNS) RNDC Service | Unofficial |
993 | TCP | Internet Message Access Protocol over SSL (IMAPS) | Official | |
995 | TCP | Post Office Protocol 3 over TLS/SSL (POP3S) | Official | |
2077 | TCP | Webdisk | Unofficial | |
2078 | TCP | Webdisk SSL | Unofficial | |
2082 | TCP | CPanel default | Unofficial | |
2083 | TCP | CPanel default SSL | Unofficial | |
2086 | TCP | WebHost Manager default | Unofficial | |
2087 | TCP | WebHost Manager default SSL | Unofficial | |
2095 | TCP | CPanel default Web mail | Unofficial | |
2096 | TCP | CPanel default SSL Web mail | Unofficial | |
30000:35000 | TCP | Needed pure-ftpd enabled PASV | Unofficial |
Outgoing TCP Ports
Port | TCP | UDP | Description | Status |
---|---|---|---|---|
20 | TCP | UDP | FTP—data transfer | Official |
21 | TCP | UDP | FTP—control (command) | Official |
22 | TCP | UDP | Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding | Official |
25 | TCP | Simple Mail Transfer Protocol (SMTP)—used for e-mail routing between mail servers | Official | |
37 | TCP | UDP | TIME protocol | Official |
43 | TCP | WHOIS protocol | Official | |
53 | TCP | UDP | Domain Name System (DNS) | Official |
80 | TCP | UDP | Hypertext Transfer Protocol (HTTP) | Official |
110 | TCP | Post Office Protocol v3 (POP3) | Official | |
113 | TCP | UDP | ident—Authentication Service/Identification Protocol, used by IRC servers to identify users | Official |
143 | TCP | Internet Message Access Protocol (IMAP)—management of email messages | Official | |
443 | TCP | HTTPS (Hypertext Transfer Protocol over SSL/TLS) | Official | |
587 | TCP | e-mail message submission (SMTP) | Official | |
873 | TCP | UDP | rsync file synchronisation protocol | Official USA only |
995 | TCP | Post Office Protocol 3 over TLS/SSL (POP3S) | Official | |
2087 | TCP | WebHost Manager default SSL | Unofficial | |
2089 | TCP | cPanel License Update | Unofficial | |
2703 | TCP | 2703 Razor email scanning | Unofficial |
Incoming UDP Ports
Port | TCP | UDP | Description | Status |
---|---|---|---|---|
20 | TCP | UDP | FTP—data transfer | Official |
21 | TCP | UDP | FTP—control (command) | Official |
53 | TCP | UDP | Domain Name System (DNS) | Official |
Outgoing UDP Ports
Port | TCP | UDP | Description | Status |
---|---|---|---|---|
20 | TCP | UDP | FTP—data transfer | Official |
21 | TCP | UDP | FTP—control (command) | Official |
53 | TCP | UDP | Domain Name System (DNS) | Official |
113 | TCP | UDP | ident—Authentication Service/Identification Protocol, used by IRC servers to identify users | Official |
123 | UDP | Network Time Protocol (NTP)—used for time synchronization | Official | |
873 | TCP | UDP | rsync file synchronisation protocol | Official USA only |
6277 | UDP | Distributed Checksum Clearinghouses (anti-spam) | Unofficial |
If you’re just starting out, I highly recommend using the Medium pre-configured setting in ConfigServer Security & Firewall. You’ll stop much of the potential pains in being a server administrator while you learn more about adjusting it to your specific needs.
Port details referenced from List of TCP and UDP port numbers on Wikipedia.