cPanel / WHM Services listen only on shared/primary IP address?
Hey Guys,
I was wondering how I would go about making cPanel/WHM services only available on the primary / shared IP. Namely, so that on dedicated IPs it's not 'easy' to see that they have a cPanel/WHM interface present.
-
I usually do this with custom CSF rules. You can handle it 2 ways: one is to leave the ports open in csf.conf and use csf.deny to close them on the IPs you don't want them open on; the other is the opposite (close them in csf.conf, and use csf.allow to only open them on one IP).

Before you do anything, make sure to whitelist your IP in csf.allow and restart csf. Don't lock yourself out of the box. You'll have to have someone in another location test for you, or use a phone or something that's not on your local wifi so it hits the server from another IP, since whitelisted IPs bypass closed ports.

For the first example, leave the cPanel/WHM ports (i.e. 2082, 2083, 2086, 2087, and so on) open in TCP_IN in csf.conf. In csf.deny, add these entries:

    tcp|in|d=2082|d=123.123.123.124 #"do not delete"
    tcp|in|d=2083|d=123.123.123.124 #"do not delete"
    tcp|in|d=2086|d=123.123.123.124 #"do not delete"
    tcp|in|d=2087|d=123.123.123.124 #"do not delete"

This will close the cPanel/WHM ports for the IP 123.123.123.124 and leave them open on the other IPs assigned to the server. You can duplicate the lines and change the IP to close the ports for other IPs.

For the second example, if you only want the ports open on one IP, in csf.conf, remove the cPanel/WHM ports you want closed for the rest of the IPs (i.e. 2082, 2083, 2086, 2087) from the TCP_IN list. Then in csf.allow, add:

    tcp|in|d=2082|d=123.123.123.123 #"do not delete"
    tcp|in|d=2083|d=123.123.123.123 #"do not delete"
    tcp|in|d=2086|d=123.123.123.123 #"do not delete"
    tcp|in|d=2087|d=123.123.123.123 #"do not delete"

Where 123.123.123.123 is the main IP of your server. This will allow those ports only on the specified IP. Run "csf -r" from a bash prompt and you're good to go.
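As an added example (not part of the original answer and not CSF's own tooling), the shell functions below generate the csf.deny entries for the first approach and list any port/IP pair that a deny file does not yet cover. The port list follows the answer; the second IP 123.123.123.125, the function names and the temporary sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: build and audit the csf.deny rules described in the answer.
PORTS="2082 2083 2086 2087"                        # cPanel/WHM ports from the answer
DEDICATED_IPS="123.123.123.124 123.123.123.125"    # constructed sample IPs

# Print one deny rule per port/IP pair, in the format shown in the answer.
# usage: gen_deny_rules "<ports>" "<ips>"
gen_deny_rules() {
    for ip in $2; do
        for port in $1; do
            printf 'tcp|in|d=%s|d=%s #"do not delete"\n' "$port" "$ip"
        done
    done
}

# Print every expected rule that is absent from the given deny file.
# Trailing comments and leading whitespace in the file are ignored.
# usage: missing_deny_rules <file> "<ports>" "<ips>"
missing_deny_rules() {
    gen_deny_rules "$2" "$3" | while IFS= read -r rule; do
        want=${rule%% *}    # rule text without its comment
        sed -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*//' "$1" \
            | grep -qxF -- "$want" || printf '%s\n' "$rule"
    done
}

# Demo on a constructed deny file that covers only the first dedicated IP.
sample=$(mktemp)
gen_deny_rules "$PORTS" "123.123.123.124" > "$sample"
echo "Rules still missing from the sample file:"
missing_deny_rules "$sample" "$PORTS" "$DEDICATED_IPS"
rm -f "$sample"
```

Point `missing_deny_rules` at your real csf.deny after adding a dedicated IP to the server; empty output means every listed port is denied on every listed IP.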