Virtualizor is a great way to manage virtual servers. It comes with a panel where server tasks are just a click away.
But ensuring security is critical on Virtualizor servers, and the popular option is to set up the Virtualizor firewall.
Unfortunately, a badly configured firewall often creates problems on a Virtualizor server.
That’s why we often get requests from our customers to set up the Virtualizor firewall as part of our Infrastructure Management Services.
Today, we’ll see how our Dedicated Engineers set up the Virtualizor firewall and solve errors with it.
Why do we need a firewall in Virtualizor?
Firstly, let’s check on the need for a firewall on a Virtualizor server. A firewall can effectively restrict access to the service ports of Virtualizor. For example, some customers may want only a few IP addresses to access the web panel. Or some may want to restrict mail access on the server to certain users.
A firewall can also help to close unused ports on the server. Thus, it works well to avoid port-based attacks too.
Different ways to enable Virtualizor firewall
Now, let’s see the different methods to enable a firewall in Virtualizor. We can either use the built-in firewall or configure 3rd party firewall programs on the Virtualizor server. We’ll now see the steps that our Dedicated Engineers take to ensure that the firewall works properly on the server.
1. Inbuilt firewall
Luckily, Virtualizor comes with a firewall option. This is based on the iptables module. Manually adding iptables rules can be tedious for non-technical customers. Fortunately, the Virtualizor panel offers an easy interface to manage the firewall. It has simple options to add a rule, remove a rule, check the firewall rules and more.
However, to make use of the Firewall Services, our Dedicated Engineers always ensure that the firewall is enabled on the server. To do this, we click on the ‘Firewall Enable’ button in the Firewall Services page.
The Firewall Services page in Virtualizor looks as shown in the picture below.
In short, the Firewall interface helps customers avoid writing complex iptables rules by hand. Still, Virtualizor supports adding rules via the command line too. This comes in handy when adding multiple rules at a time. Our Support Engineers use scripts to add rules in a batch. And we always double-check the rules prior to enabling them on live servers.
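A sketch of that batch-and-double-check workflow, added here as an example and not taken from Virtualizor or from the authors' scripts. It uses plain iptables-restore syntax; the input format, the function names and the sample addresses are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: validate a batch of allow rules, then emit iptables-restore input.
# The "PORT[:PORT] SOURCE" input format is an assumption made for this sketch.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_portspec() {                      # single port, or lo:hi with lo <= hi
    case $1 in *:*:*) return 1 ;; esac
    local lo=${1%%:*} hi=${1##*:}
    valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ]
}

valid_source() {                        # "any", or an IPv4 address with optional /prefix
    [ "$1" = any ] && return 0
    local o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^$o(\.$o){3}(/(3[0-2]|[12]?[0-9]))?\$"
}

# Reads rule lines on stdin. Prints a complete ruleset only if every line is
# valid; otherwise lists the rejected lines on stderr and returns 1.
emit_rules() {
    local spec src rules="" bad=0
    while read -r spec src; do
        case $spec in ''|'#'*) continue ;; esac
        if ! valid_portspec "$spec" || ! valid_source "$src"; then
            echo "rejected: $spec $src" >&2
            bad=1
            continue
        fi
        [ "$src" = any ] && src=0.0.0.0/0
        rules="${rules}-A INPUT -p tcp -s $src --dport $spec -j ACCEPT
"
    done
    [ "$bad" -eq 0 ] || return 1
    printf '*filter\n%sCOMMIT\n' "$rules"
}

# Constructed sample batch (documentation addresses, ports mentioned in this article).
SAMPLE_BATCH='# ports     source
4082:4085 203.0.113.10
5900:7000 any
2087 198.51.100.0/24'

printf '%s\n' "$SAMPLE_BATCH" | emit_rules
```

On a real server the output can be piped into `iptables-restore --test --noflush`, which parses the ruleset without committing it, before it is loaded for real.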
2. Using firewall programs
Another method to enable a firewall on Virtualizor is to use 3rd party firewall programs. This way, customers can use a firewall program of their choice.
The popular firewall programs that customers use include ConfigServer Security and Firewall (CSF), Uncomplicated Firewall (UFW), etc.
We’ll now take a look at the steps that we take to enable CSF on Virtualizor.
Our Dedicated Engineers download and install the CSF package on the Virtualizor server first. Then, we proceed with editing the configuration file at /etc/csf/csf.conf. For example, the changes include opening ports in the range 4082 – 4085 for Virtualizor web panel access, restricting web panel access to specific IP addresses, etc. Again, to enable VNC access, we open port range 5900 – 7000.
Finally, we add iptables forwarding rules for Virtualizor to work with CSF.
To ensure additional security, our Support Engineers always recommend that customers use a VPN to connect to the Virtualizor panel. That way, the connection always comes from the same IP address, and the server can be managed from anywhere.
Common errors with Virtualizor firewall and fixes
Although the setup of the Virtualizor firewall is rather easy, we often see customers experiencing problems with firewall rules. Let’s now check the top problems and their fixes.
1. Panel appears offline
Often, after configuring the firewall, the Virtualizor panel may look offline to customers. This usually happens due to a wrong port configuration in the Virtualizor firewall. For the panel to work properly, the firewall on the slave server should also be working.
Recently, when one of our customers reported problems with Virtualizor panel, it was the slave firewall that was causing the error. To fix it, our Dedicated Engineers had to allow the Master server IP on the slave server and also allow port range 4081-4085.
2. ERR_CONNECTION_REFUSED
Similarly, the Virtualizor firewall can also cause problems for some of the applications on the server. Usually, this happens when users forget to open the relevant service ports in the firewall.
For example, installing cPanel on a Virtualizor server is pretty easy. But, if the ports 2082, 2083, 2086, 2087 are not open on the server, when you access cPanel or WHM in the browser, it will show the error “ERR_CONNECTION_REFUSED”.
Here, to fix the problem, our Dedicated Engineers manually add the iptables rules to open the relevant ports in the Virtualizor firewall. Additionally, we check the ports listening on the server using the command:
netstat -tulpn
This gives us an idea of the exact services listening on each port.
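The check described here and the CSF port settings from the earlier section can be combined into one audit. The script below is an added example, not the authors' tooling: it reads the TCP_IN list from csf.conf text and reports ports that should be open but are not, and services that listen on a port the firewall does not allow. The function names and both samples are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Added example: find required or listening ports that CSF's TCP_IN does not cover.

# port_allowed PORT LIST: true if PORT is covered by a CSF-style list such as
# "22,80,5900:7000" (comma-separated ports, lo:hi for ranges).
port_allowed() {
    local port=$1 entry lo hi IFS=,
    for entry in $2; do
        lo=${entry%%:*}; hi=${entry##*:}
        [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0
    done
    return 1
}

# csf_tcp_in: print the TCP_IN value from csf.conf text on stdin.
csf_tcp_in() {
    sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# listening_tcp_ports: read `netstat -tulpn` output on stdin and print the IPv4
# TCP ports bound to a non-loopback address (tcp6 sockets fall under TCP6_IN).
listening_tcp_ports() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
             split($4, a, ":")
             if (a[1] !~ /^127\./) print a[2]
         }' | sort -nu
}

# not_allowed LIST PORT...: print the given ports that LIST does not cover.
not_allowed() {
    local allowed=$1 port out=""
    shift
    for port in "$@"; do
        port_allowed "$port" "$allowed" || out="$out $port"
    done
    echo "${out# }"
}

# Constructed samples: a csf.conf excerpt and netstat output.
SAMPLE_CSF='TESTING = "0"
TCP_IN = "22,80,443,4082:4085"
TCP_OUT = "22,53,80,443"'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0 0 0.0.0.0:22      0.0.0.0:* LISTEN 801/sshd
tcp   0 0 0.0.0.0:4085    0.0.0.0:* LISTEN 950/panel
tcp   0 0 0.0.0.0:2083    0.0.0.0:* LISTEN 1200/cpsrvd
tcp   0 0 0.0.0.0:2087    0.0.0.0:* LISTEN 1200/cpsrvd
tcp   0 0 127.0.0.1:3306  0.0.0.0:* LISTEN 1100/mysqld
udp   0 0 0.0.0.0:68      0.0.0.0:*        640/dhclient'

allowed=$(printf '%s\n' "$SAMPLE_CSF" | csf_tcp_in)
echo "required but closed:  $(not_allowed "$allowed" 4082 4083 4084 4085 5900 7000)"
echo "listening but closed: $(not_allowed "$allowed" $(printf '%s\n' "$SAMPLE_NETSTAT" | listening_tcp_ports))"
```

On a live server, feed it `/etc/csf/csf.conf` and the real `netstat -tulpn` output instead of the samples.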
Conclusion
In a nutshell, maintaining security in virtual servers becomes rather easy with the Virtualizor firewall. But wrong rules can block your own access to the server. Today, we saw how our Support Engineers set up the Virtualizor firewall correctly and fix common errors with it.