Which Ports Need To Be Opened for all Plesk Services to Work with a Firewall?
Follow

Created:

2016-11-16 13:03:06 UTC

Modified:

2017-06-27 08:48:06 UTC

31

Was this article helpful?


Have more questions?

Submit a request

Which Ports Need To Be Opened for all Plesk Services to Work with a Firewall?

Applicable to:

  • Plesk for Windows
  • Plesk for Linux
  • Plesk

Resolution

Generally, the ports that need to be opened depend on the services running on a server.

General Plesk access port is 8443 for https connection and 8880 for http connection.

The possible ports that can be used by Plesk and its related services are listed below:

#20 ftp-data (TCP)
#21 ftp (TCP)
#22 ssh (TCP)
#25 smtp (TCP)
#53 dns (TCP and UDP)
#80 http (Web server and Plesk updater) (TCP)
#106 poppassd (for localhost only) (TCP)
#110 pop3 (TCP)
#113 auth (TCP)
#143 imap (TCP)
#443 https (TCP)
#465 smtps (TCP)
#587 mail message submission (TCP)
#953 rndc (TCP)
#990 ftps (TCP) 
#993 imaps (TCP)
#995 pop3s (TCP)
#1433 mssql (TCP) - Windows Only
#3306 mysql (TCP)
#3389 rdp (TCP) - Windows Only
#5224 (outgoing connections only) plesk-license-update (TCP)
#5432 postgres (TCP) - Linux Only
#6489 plesk migration agent (TCP) - Windows Only
#8401 sqladmin (TCP) - Windows Only
#8443 plesk-https (TCP)
#8447 autoinstaller (TCP)
#8880 plesk-http (TCP)
#12768 psa-pc-remote (for localhost only) (TCP) - Linux only, Postfix
#135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only

Since version 12.0 :

#4190 dovecot (TCP)
#6308 sw-cp-server (TCP)

Since version 12.5.30 for migration purposes:

#135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only
#1434 (TCP) and all (or manually selected) TCP ports for MS SQL, if it is used as a named instance

From version 9.0 to version 10.2 :

#11443 sw-cp-serverd (TCP)- Linux Only
#11444 sw-cp-serverd (TCP) - Linux Only

iptables command can be used to open ports. For example:

    iptables -A INPUT -p tcp --dport 21 -j ACCEPT

Additional Information:

  1. You may need to open and configure PassivePorts for FTP: #213390109

  2. Access to none of these ports should be denied in /etc/hosts.deny . If /etc/hosts.deny includes general access rules, then explicit allowing rules should be put to /etc/hosts.allow for all the ports mentioned (only the ports that accept incoming connections).

  3. The same rules also should be applied on any intermediate firewall/router that is between the Plesk server and an external network.

Have more questions? Submit a request

2 Comments

Date Votes
  • 0
    Avatar
    feralfruitfreak

    Nginx needs 7080 and 7081.  953 needs to be opened for the DNS server (named).  12443 may also be needed, "Parallels Customer and Business Manager payment gateways".

  • 0
    Avatar
    Lev Iurev

    Hi @feralfruitfreak, Nginx does not use 7080,7081 ports in Plesk, Apache uses it internally. Customer and Business Manager is not longer supported by Plesk.

Please sign in to leave a comment.