
How to access my CP from behind a firewall.


nerbonne

Guest
How to: Accessing your control panel from behind a firewall.

Ok, here is the scenario:

I am behind a work firewall.

I don't know what outgoing ports are open except that websites on port 80 will work; any sites on a non-standard port will not.

My control panel port is https://url:8443

I know how to change the port using the iptables method mentioned elsewhere on this forum.

My problem is that I can't find a port to put it on that will work with the firewall. Obviously, I can't put it on port 80 since apache is already running on that port.

Or could I put an iptables rule that maps port 80 traffic for a certain IP or domain to port 8443? Any solution to this would be so awesome.

Thanks.
 
You'll need to find an open port in your company's firewall. If there is none, I guess you're out of luck.
 
Actually, I got it figured out. If you have more than one IP, you can use one with the following example to make it work for that IP only.

iptables -t nat -A PREROUTING -p tcp -d ip_here --dport 80 -j DNAT --to ip_here:8443
 
One thing that I should add though since it just F'd my server for two days while I figured it out.

It is OK to use this workaround as a temporary fix, but you must remove the rule before you restart httpd or reboot the server. Otherwise, it will conflict with the httpd service and cause excessive disk I/O.
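
The caveat above is that the rule has to come out again before httpd is restarted. The following is an added example, not part of the original posts: it builds the add and delete commands from one rule spec so they always match, and removes the rule automatically after a time limit. The address 203.0.113.10, the function names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Temporary port 80 -> 8443 redirect for one dedicated IP, removed automatically.
# Assumptions (not from the thread): 203.0.113.10 is a documentation-range
# placeholder; DRY_RUN=1 (the default) prints commands instead of running them.

# Build the rule body once so the -A (add) and -D (delete) forms are identical;
# iptables only deletes a rule whose spec matches the one that was added.
rule_spec() {
    ip=$1
    # Reject anything that does not look like a dotted-quad IPv4 address.
    printf '%s' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "invalid IPv4 address: $ip" >&2; return 1; }
    # --to-destination is the full name of the option the post writes as --to.
    echo "PREROUTING -p tcp -d $ip --dport 80 -j DNAT --to-destination $ip:8443"
}

# Print (dry run) or execute one iptables command against the nat table.
run_ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables -t nat $*"
    else
        iptables -t nat "$@"
    fi
}

# $spec is left unquoted on purpose so it splits into separate arguments.
add_rule()    { spec=$(rule_spec "$1") || return 1; run_ipt -A $spec; }
remove_rule() { spec=$(rule_spec "$1") || return 1; run_ipt -D $spec; }

# Keep the redirect for a fixed number of seconds, then remove it. The traps
# also remove it if the script is interrupted or exits early.
with_redirect() {
    ip=$1; seconds=$2
    add_rule "$ip" || return 1
    trap 'remove_rule "$ip"; trap - EXIT; exit 1' INT TERM
    trap 'remove_rule "$ip"' EXIT
    sleep "$seconds"
    remove_rule "$ip"
    trap - EXIT INT TERM
}

# Usage (as root): DRY_RUN=0 sh redirect.sh run 203.0.113.10 600
if [ "${1:-}" = run ]; then with_redirect "$2" "$3"; fi
```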
 
You could also have used an SSH tunnel to your server to access tcp 8443, thus you'd point your browser to https://localhost:8443/ and your SSH client would forward traffic to your server's IP port 8443. That is of course assuming that they have SSH (tcp 22) opened up through your firewall. Most companies do. SSH tunneling is only good for TCP traffic but it's gotten me out of a pinch MANY times. The other option is an external web proxy that runs on port 80. The workaround you came up with is one I would have thought to use immediately, but of course you burn an IP in the process. Many people with dedicated servers might only have 1 IP on their machine and are virtual hosting off of it, so that would not be a viable option for them.

Thanks,
James
 
I like your idea of the SSH tunnel. I do have SSH access, so this would be a viable option. What software do you recommend for this?
 
I use SecureCRT on Winblows, which isn't free, but there's PuTTY among others. If you're on a *Nix or Mac OS X machine you can just use: ssh -L 8443:servernameorip:8443 sshhost

Leave the session open and you'll have a local tunnel.

J
 