Restrict 2086 / 2087 / 22 to PRIVATE IP (ETH1)

mferry

• January 25, 2015 12:04

Folks, Just throwing this idea out. Some of my WHM servers have two NICs. I have always used eth0 as a public IP and all services used over this IP. Including my WHM access and SSH. SSH is restricted to a few known public IPs (cPanel Support IPs and my NOC) I would like to start using eth1 on each server with a private IP (10.X.X.X) I would then like to have WHM (2086 / 2087) and SSH (22) only listen on this private IP. User accounts will always be using the public IP on eth0. cPanel access on 2083/2082, ftp 21, etc will all remain on the pubic IP. BUT from the public IP there would be no access to WHM or SSH. Is this wise? Can this be done? Thanks

• 

  24x7server

  • January 26, 2015 12:14

  Hello, I think it's not possible to enable WHM login in private IP and cPanel login on public IP, For the WHM security I will suggest you enable host access control list so that you can enable WHM login on IP base.

  0
• 

  mferry

  • January 26, 2015 13:06

  Thanks --- I didn't know the "Host Access Control" could limit WHM, cPanel, webmail, etc. I have always used HAC to limit SSH access. This is kinda what I am looking for. I would like to shut off the 2087, 2086, 22 ports 100% on the public side.

  0
• 

  cPanelMichael

  • January 26, 2015 18:40

  Hello :) I am happy to see the "Host Access Control" option was a sufficient solution. Thank you for updating us with the outcome.

  0

Please sign in to leave a comment.