DirectAdmin | New Server Checklist

FTP, SSH, SMTP, DNS, HTTP, POP3, IMAP, HTTPS and DirectAdmin

FTP - 21
SSH - 22
Telnet (if you have it on) - 23
SMTP - 25
HTTP - 80
HTTPS - 443
POP3 - 110
IMAP - 143
DNS - 53
DirectAdmin - 2222

Passive FTP (information in post below)
49151
49152
49153
49154
49155
49156
49157
49158
49159
49160
49161

I think that's all DirectAdmin needs open; any problems, leave a message here :)



Chris
 
Here's my /etc/sysconfig/ipchains file (if you use iptables you'll have to do the conversion yourself)...

(and if you keep reading afterwards I'll tell you what all those ports from 49152 through 49161 are for)...
Code:
-A input -s 0/0 -d 0/0 143 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 113 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 113 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 2222 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 2222 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 123 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 66 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 66 -p udp  -j ACCEPT
-A input -s 0/0 -d 0/0 49152 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49153 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49154 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49155 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49156 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49157 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49158 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49159 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49160 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49161 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

Those ports from 49151 through 49162 are left open for proftpd to be able to do passive FTP...

And here's the code you need to put into /etc/proftpd.conf to tell proftpd to use these open ports (I put it right after the Port line):
Code:
##### added to make passive transfer work
# use part of the IANA registered ephemeral port range
PassivePorts 49152 49161
####

Jeff
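
The passive ports in the firewall rules and the `PassivePorts` range in /etc/proftpd.conf have to agree, so here is a small consistency check, added as an example and not part of the original posts. The function names, the `floor` parameter and the sample input are assumptions made for this illustration.

```python
import re

# Constructed sample input in the formats shown in the thread: ipchains-save
# rules and a proftpd.conf fragment. The values are made up for the demo.
SAMPLE_RULES = """\
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49151 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49152:49153 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
"""
SAMPLE_CONF = "Port 21\nPassivePorts 49152 49154\n"

RULE_RE = re.compile(
    r"^-A input\s+-s \S+\s+-d \S+\s+(\d+)(?::(\d+))?\s+-p tcp\b.*-j ACCEPT$")


def accepted_tcp_ports(rules_text):
    """TCP destination ports (single or lo:hi) accepted on the input chain."""
    ports = set()
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            ports.update(range(lo, hi + 1))
    return ports


def passive_range(conf_text):
    """Ports named by the PassivePorts directive, or an empty set."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.I)
        if m:
            return set(range(int(m.group(1)), int(m.group(2)) + 1))
    return set()


def audit(rules_text, conf_text, floor=49151):
    """Return (blocked, unused). blocked: passive ports the firewall rejects,
    so passive transfers fail. unused: open ports at or above `floor` (an
    assumed lower bound for the passive block) that proftpd never listens on."""
    opened, passive = accepted_tcp_ports(rules_text), passive_range(conf_text)
    blocked = sorted(passive - opened)
    unused = sorted(p for p in opened - passive if p >= floor)
    return blocked, unused


if __name__ == "__main__":
    print(audit(SAMPLE_RULES, SAMPLE_CONF))
```

Run it against the real /etc/sysconfig/ipchains and /etc/proftpd.conf contents; both lists should come back empty when the firewall and proftpd agree.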
 
A few of them most users won't require; one I noticed on yours that is enabled on most firewalls, although not required, is

identd - 113

Chris
 
I visited the port 113 issue a few weeks ago and decided to leave it in for now. I don't run identd, though.

I don't see any others that are even questionable. Do you?

Jeff
 
I believe it's not necessary to open port 123... apart from that it seems OK for the remainder of all DA users ;)

Chris
 
Port 123 is the network time protocol... you need it if you're going to synchronize for a time-server.

Some of these I've opened for both tcp and for udp, because I simply wasn't sure if both were needed or not.

Jeff
 
Fresh Install of Urchin web analytics software V5 added under statistics section.
 
just added:
-> Upgrade ProFTPd to fix recent exploit

added this a while back but forgot to put a notice up!
-> Upgrade OpenSSH to fix recent exploit

Chris
 
MRTG compile, configure and run now added, the list also tidied up a bit :)

Chris
 
added:

-> Provide a MySQL user with an additional database

under:

Add-ons & advice
 
added / updated the following:

-> Update PHP (4.3.4) using DA custom apache build system
-> Update Apache (1.3.29) using DA custom apache build system
-> Update Mod_SSL (2.8.16) using DA custom apache build system

all 3 are updated using the same method (just follow 1 of the links) :D
 
A new section has been added to the list:

Known problems / bugs & fixes
 
Added the 'florida sun' skin from mindlash under the skins coming soon section
 
I will try and get a fresh HOWTO for APF over the next few days; I am currently working on a pre-configured firewall for DirectAdmin.
 
Script to convert users to resellers & vice versa // added to add-ons and advice section.
 