🔌 port-allocation

Complete reference matrix of all TCP/UDP ports utilized by the Onifast self-contained hosting ecosystem.

CRITICAL WARNING
Internal ports (4030, 4031, 4032, 4033) must NEVER be exposed directly to the public internet. They are designed for loopback binding or proxy mappings from the panel core only.

All Ecosystem Ports

Port Service Daemon Protocol Visibility Scope Description
80 onifast-web TCP Public Plain HTTP traffic for all hosted domains (redirectable)
443 onifast-web TCP Public TLS-terminated HTTPS traffic for all hosted domains
25 onifast-mail TCP Public SMTP inbound delivery MTA + mail relay
53 onifast-dns UDP+TCP Public Authoritative DNS query resolution handler
587 onifast-mail TCP Public Authenticated SMTP client submission port
2121 onifast-ftp TCP Public FTP command control connection listener
4048 onifast-panel TCP Public Root Admin Panel HTTP (non-SSL fallback login)
4049 onifast-panel TCP Public Client/User Panel HTTP (non-SSL & SSL setup portal)
4050 onifast-panel TCP Public Root Admin Panel HTTPS — primary administrative access hub
4051 onifast-panel TCP Public Client/User Panel HTTPS — client user account access
4052 onifast-relay TCP Public Unified Gateway (WebSocket tunnel dial-in + Smart TCP routing)
4053 onifast-relay TCP Public Web Proxy Output (forwards public HTTP/HTTPS traffic to agents)
30000–30100 onifast-ftp TCP Public FTP Passive data transfer range (required for file uploads/downloads)
4030 onifast-web TCP Internal ACME SSL generation API (localhost HTTP-01 challenges only)
4031 onifast-mail TCP Proxied Webmail UI + HTTP API (proxied via panel as /mail)
4032 onifast-s3 TCP Proxied S3 API + Web UI (proxied via panel as /s3)
4033 onifast-billing TCP Proxied Billing API + UI (proxied, needs reverse proxy mappings)

Ecosystem Access Mappings

Service Daemon Standard Dial URL / Command
Root Admin Panel https://your-domain:4050
Client/User Panel https://your-domain:4051
Root phpMyAdmin https://your-domain:4050/phpmyadmin
Local S3 Explorer https://your-domain:4050/s3 (proxied silently via panel)
Webmail Client https://your-domain:4050/mail (proxied silently via panel)
Hosted Websites http://your-domain / https://your-domain
FTP Service ftp://your-domain:2121 (requires passive range enabled)
Authoritative DNS dig @your-domain example.com
Relay Gateway status http://gateway:4052/status

UFW Firewall Rules

bash 
# Panel ports
sudo ufw allow 4048:4051/tcp

# Web ports
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Mail ports
sudo ufw allow 25/tcp
sudo ufw allow 587/tcp

# FTP control + passive data ranges
sudo ufw allow 2121/tcp
sudo ufw allow 30000:30100/tcp

# Authoritative DNS query channels
sudo ufw allow 53/tcp
sudo ufw allow 53/udp

# Relay tunnel gateway ports
sudo ufw allow 4052/tcp
sudo ufw allow 4053/tcp

# Reload firewall
sudo ufw reload

iptables Firewall Rules

bash 
# Panel
iptables -A INPUT -p tcp --dport 4048:4051 -j ACCEPT

# Web
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Mail
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT

# FTP
iptables -A INPUT -p tcp --dport 2121 -j ACCEPT
iptables -A INPUT -p tcp --dport 30000:30100 -j ACCEPT

# DNS
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

# Relay
iptables -A INPUT -p tcp --dport 4052 -j ACCEPT
iptables -A INPUT -p tcp --dport 4053 -j ACCEPT

Checking Port Listeners

Use lsof to verify which services are active on specific ports:

bash 
# Check active panel listener
sudo lsof -i :4050

# Check web server sockets
sudo lsof -i :80
sudo lsof -i :443

# Check FTP controller
sudo lsof -i :2121

# Check authoritative DNS
sudo lsof -i :53

# Check Relay gateway
sudo lsof -i :4052

Health Checks & Diagnostic curls

Test that active loops are responding to local queries:

bash 
# Check panel response
curl -k https://localhost:4050

# Check web server response
curl -I http://localhost:80

# Check FTP handshake
telnet localhost 2121

# Check DNS resolution
dig @localhost example.com
Copied snippet to clipboard!