This was written for CentOS 5.7 and WHM 11.30. While this may work on other operating environments, these are the server variables this was tested on.
For whatever reason, you may find you need to have specific ports open on your CentOS server to be able to access specific aspects of cPanel through your web browser.
Ports 2082 and 2083 are to access an account’s cPanel, 2083 being SSL.
Ports 2086 and 2087 are to access WHM, 2087 being SSL.
Ports 2095 and 2096 are to access Webmail, 2096 being SSL.
You will need to be logged into your server in a terminal session as root to perform the commands required.
The following is copied from cPanel staff member Tristan.
If you are using iptables only as your firewall and you do have that default RH-Firewall-1-INPUT chain, which you can see if you run this command:
/sbin/iptables -n -L|grep RH-Firewall-1-INPUT
Then the following rules will add the cPanel ports for cPanel, WHM and Webmail, although there may be additional ports needing opened as mentioned in the previously provided link by Nick Jackson:
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT
Of note, if you only wish the secure ports to be opened for each of those services (cPanel, WHM and Webmail), then only use 2083, 2087 and 2096 for each command indicated.
Upon adding any rules to the firewall, please ensure to save the configuration or the entries will be wiped whenever the machine gets rebooted:
service iptables save
If you are blocked from cPanel access in iptables and it isn’t due to having the RH-Firewall-1-INPUT chain, you might try adding the rules at the top of the INPUT chain itself, which will occur before any later incoming chains:
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT
Some suggestions by other sites might be to use -A rather than -I, but -I will put the rule at the top of the chain. If there are later rules blocking access, then having the rules after the blocks will still not allow access to the ports, since any accept rules must precede deny rules in order for the port to be opened.
END Tristan’s post.
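The -I versus -A ordering point above can be checked offline. The following is an added example, not part of the quoted post or of cPanel's documentation: a first-match evaluator run over a constructed ruleset in `iptables -S` format. The sample chain contents and the function names first_verdict, appended and inserted are assumptions for illustration, and only the -i, -s, -p, --state, --dport and -j options are interpreted.

```sh
#!/bin/sh
# Constructed sample: a RH-Firewall-1-INPUT chain ending in a catch-all REJECT.
BASE='-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
RULE='-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT'

# first_verdict CHAIN PORT: read rules on stdin and print the target of the
# first rule in CHAIN that a NEW inbound TCP connection to PORT would hit.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
    $1 == "-A" && $2 == chain {
        proto = ""; dport = ""; target = ""; skip = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            # Interface or source limited rules do not cover an arbitrary client.
            if ($i == "-i" || $i == "-s") skip = 1
            # A state match without NEW never matches the first packet.
            if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
        }
        if (skip || (proto != "" && proto != "tcp")) next
        if (dport != "") {
            n = split(dport, r, ":")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print "NONE" }'
}

# -A appends after the final REJECT; -I inserts at position 1.
# (iptables -S lists every rule as an -A line, in evaluation order.)
appended() { printf '%s\n%s\n' "$BASE" "$RULE"; }
inserted() { printf '%s\n%s\n' "$RULE" "$BASE"; }

for port in 22 2087; do
    echo "port $port:" \
         "base=$(printf '%s\n' "$BASE" | first_verdict RH-Firewall-1-INPUT "$port")" \
         "appended=$(appended | first_verdict RH-Firewall-1-INPUT "$port")" \
         "inserted=$(inserted | first_verdict RH-Firewall-1-INPUT "$port")"
done
```

To run the same check against a live server, pipe the output of `/sbin/iptables -S` into first_verdict in place of the constructed sample.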
You can type in the following command to view the ports opened in iptables: