In the opening of ports for ISPConfig it is necessary that our firewall is active, so we access our server and take the privileges of the root user.
List of ISPConfig ports
20 - TCP-UDP I/O-I/O FTP File transfers (data port)
21 - TCP-UDP I/O-I/O FTP File transfers (control port)
22 - TCP I/O SSH ssh, scp copy, sftp
25 - TCP I/O SMTP Outgoing email
53 - TCP-UDP I/O-I/O DNS Inbound is only needed if you run public DNS server
80 - TCP I/O HTTP Web server
110 - TCP I/O POP3 Incoming email
143 - TCP I IMAP4 Incoming email
443 - TCP I/O HTTPS Web server SSL
993 - TCP I IMAP4 Incoming email SSL
995 - TCP I POP3 Incoming email SSL
3306 - TCP I MySQL Database server
8080 - TCP I ISPConfig web interface
8081- TCP I ISPConfig apps vhost
Other ports
40110-40210 - TCP-UDP I/O-I/O PURE-FTP File transfers (control port)
1. We can check the status of our firewall with the following command.
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2020-07-22 18:20:17 BST; 17h ago
Docs: man:firewalld(1)
Main PID: 1015 (code=exited, status=0/SUCCESS)
2. Once it has been verified that our firewall is active we can execute the following list of the ports required by ISPConfig.
firewall-cmd --zone=public --add-port=20/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=25/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=110/tcp --permanent
firewall-cmd --zone=public --add-port=143/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=465/tcp --permanent
firewall-cmd --zone=public --add-port=587/tcp --permanent
firewall-cmd --zone=public --add-port=993/tcp --permanent
firewall-cmd --zone=public --add-port=995/tcp --permanent
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --zone=public --add-port=8999/tcp --permanent
firewall-cmd --zone=public --add-port=8081/tcp --permanent
firewall-cmd --zone=public --add-port=10000/tcp --permanent
firewall-cmd --zone=public --add-port=40110/tcp --permanent
firewall-cmd --zone=public --add-port=40210/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --zone=public --add-port=3306/udp --permanent
firewall-cmd --zone=public --add-port=8999/udp --permanent
firewall-cmd --zone=public --add-port=40110/udp --permanent
firewall-cmd --zone=public --add-port=40210/udp --permanent
firewall-cmd --zone=public --add-port=2345/tcp --permanent
Note: In the event that your firewall is not active, check the following guide to enable the Linux firewall.