Articles in this section

See more

Which Ports Need To Be Opened for all Plesk Services to Work with a Firewall?

Avatar
Alexandr Tumanov
Updated
Follow

Applicable to:

  • Plesk for Windows
  • Plesk for Linux

Resolution

Generally, the ports that need to be opened depend on the services running on a server.

General Plesk access port is 8443 for https connection and 8880 for HTTP connection.

The possible ports that can be used by Plesk and its related services are listed below:

CONFIG_TEXT: #20 ftp-data (TCP)
#21 ftp (TCP)
#22 ssh (TCP)
#25 smtp (TCP)
#53 dns (TCP and UDP)
#80 http (Web server and Plesk updater) (TCP)
#106 poppassd (for localhost only) (TCP)
#110 pop3 (TCP)
#113 auth (TCP)
#143 imap (TCP)
#443 https (TCP)
#465 smtps (TCP)
#587 mail message submission (TCP)
#953 rndc (TCP)
#990 ftps (TCP)
#993 imaps (TCP)
#995 pop3s (TCP)
#1433 mssql (TCP) - Windows Only
#3306 mysql (TCP)
#3389 rdp (TCP) - Windows Only
#5224 (outgoing connections only) plesk-license-update (TCP)
#5432 postgres (TCP) - Linux Only
#6489 plesk migration agent (TCP) - Windows Only
#8401 sqladmin (TCP) - Windows Only
#8443 plesk-https (TCP)
#8447 autoinstaller (TCP)
#8880 plesk-http (TCP)
#12768 psa-pc-remote (for localhost only) (TCP) - Linux only, Postfix
#135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only

Since version 12.0 :

CONFIG_TEXT: #4190 dovecot (TCP)
#6308 sw-cp-server (TCP)

Since version 12.5.30 for migration purposes:

CONFIG_TEXT: #135, 139, 445 (TCP) ports for migration - Windows Only
#137, 138 (UPD) ports for migration - Windows Only
#10155 (TCP) for a custom Plesk Migrator service performing miscellaneous tasks - Windows Only
#10156 (TCP) for rsync server(migration) - Windows Only
#1434 (TCP) and all (or manually selected) TCP ports for MS SQL, if it is used as a named instance

From version 9.0 to version 10.2 :

CONFIG_TEXT: #11443 sw-cp-serverd (TCP)- Linux Only
#11444 sw-cp-serverd (TCP) - Linux Only

iptables command can be used to open ports while being connected via SSH . For example:

# iptables -A INPUT -p tcp --dport 21 -j ACCEPT

firewalld command:

# firewall-cmd --permanent --add-port=21/tcp
# firewall-cmd --reload

Additional Information:

  1. It may be required to open and configure PassivePorts for FTP:
    How to configure Passive FTP port range on Linux Server
    How to configure Passive FTP port range on Windows Server

  2. Access to none of these ports should be denied in /etc/hosts.deny . If /etc/hosts.deny includes general access rules, then explicit allowing rules should be put to /etc/hosts.allow for all the ports mentioned (only the ports that accept incoming connections).

  3. The same rules also should be applied on any intermediate firewall/router that is between the Plesk server and an external network.

Comments

2 comments

Sort by Date Votes
  • Avatar
    feralfruitfreak

    Nginx needs 7080 and 7081.  953 needs to be opened for the DNS server (named).  12443 may also be needed, "Parallels Customer and Business Manager payment gateways".

    0
    Permalink
  • Avatar
    Lev Iurev

    Hi @feralfruitfreak, Nginx does not use 7080,7081 ports in Plesk, Apache uses it internally. Customer and Business Manager is not longer supported by Plesk.

    0
    Permalink

Please sign in to leave a comment.

Related articles