Which ports should be opened in the firewall on a Plesk server?

Question

Which ports should be opened in the firewall on a Plesk server?

Answer

Depending on the services running on a Plesk server, the list of ports that need to be opened in the firewall varies.

The ports listed below are the common ports used by Plesk and related services. However, it is important to open only those ports and services that are actually in use and that you wish to expose to the Internet.

Warning: Unnecessary open ports can be a security risk.

Your infrastructure may be equipped with both an internal Plesk firewall installed locally on your server and an external firewall (e.g. operated by your service provider). Therefore, any changes you make should be reflected in both firewalls so that both firewalls can ensure proper communication and security of your server.

Plesk interface uses port 8443 for HTTPS connections and 8880 for HTTP connections.

Other ports that are used by Plesk and related services:

• 20 - FTP data transfer for active mode (TCP)

• 21 - FTP (TCP)

• 22 - SSH (TCP) - Linux only

• 25 - SMTP (TCP)

  This is the traditional port used for SMTP, primarily for server-to-server email transmission. It's used for the relay of outbound mail from one server to another. However, due to widespread abuse by spammers, many ISPs and hosting providers have started to block or restrict its use for outbound mail from residential ISPs or non-authorized servers.

• 53 - DNS (TCP and UDP)

• 80 - HTTP (TCP)

• 110 - POP3 (TCP)

• 123 - NTP (UDP)

• 143 - IMAP (TCP)

• 443 - HTTPS (TCP) (mandatory for Plesk licensing server connections)

• 465 - SMTPS (TCP)

• 587 - SMTP (Submission) (TCP)

  This port is used for SMTP Submission, specifically for client-to-server email submission. It's the recommended port for applications and mail clients to submit outgoing emails to a mail server for further delivery. Port 587 typically requires authentication and can be secured using STARTTLS. It's designed to be a safer alternative to port 25, allowing legitimate users to send emails while preventing spam.

• 953 - RNDC (TCP)

• 990 - FTPS (TCP)

• 993 - IMAPS (TCP)

• 995 - POP3S (TCP)

• 1433 - Microsoft SQL (for remote connections) (TCP) - Windows only

• 3306 - MySQL (for remote connections) (TCP)

• 3389 - RDP (TCP) - Windows only

• 5432 - PostgreSQL (TCP) - Linux only

• 8401 - SQL Admin (TCP) - Windows only

• 8443 - Plesk HTTPS (TCP)

• 8447 - Plesk Installer (TCP)

• 8880 - Plesk HTTP (TCP)

• 49152-65535 - (TCP) for FTP passive mode - incoming connections only

Additional ports

• 135, 139, 445 - (TCP) for migration - Windows only

• 137, 138 - (UPD) for migration - Windows only

• 10155 - (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows only

• 10156 - (TCP) for rsync server (migration) - Windows only

• 49152-65535 - (TCP) for FTP passive mode - incoming connections only