DirectAdmin | New Server Checklist

ProWebUK

Verified User
Joined
Jun 9, 2003
Messages
2,326
Location
UK
FTP, SSH, SMTP, DNS, HTTP, POP3, IMAP, HTTPS and DirectAdmin

FTP - 21
SSH - 22
Telnet (if you have it on) - 23
SMTP - 25
HTTP - 80
HTTPS - 443
POP3 - 110
IMAP - 143
DNS - 53
DirectAdmin - 2222

Passive FTP (information in post below)
49151
49152
49153
49154
49155
49156
49157
49158
49159
49160
49161

I think that's all DirectAdmin needs open, any problems leave a message here :)



Chris
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Here's my /etc/sysconfig/ipchains file (if you use iptables you'll have to do the conversion yourself)...

(and if you keep reading afterwards I'll tell you what all those ports from 49152 through 49161 are for)...
Code:
-A input -s 0/0 -d 0/0 143 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 113 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 113 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 2222 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 2222 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 123 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 66 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 66 -p udp  -j ACCEPT
-A input -s 0/0 -d 0/0 49152 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49153 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49154 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49155 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49156 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49157 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49158 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49159 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49160 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 49161 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
Those ports from 49151 through 49162 are left open for proftpd to be able to do passive ftp...

And here's the code you need to put into /etc/proftpd.conf to tell proftpd to use these open ports (I put it right after the Port line):
Code:
##### added to make passive transfer work
# use part of the IANA registered ephemeral port range
PassivePorts 49152 49161
####
Jeff
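
Added example, not part of the original posts: a literal translation of the ipchains-save rule format quoted above into iptables syntax, collapsing adjacent single-port rules (such as the passive FTP ports matching `PassivePorts 49152 49161`) into one range. It handles only the rule shapes that appear in the post; the function names and the sample input are constructed here.

```python
import re

# Constructed sample in the ipchains-save format quoted in the post above:
# a few of its rules plus the ten passive FTP ports (49152-49161).
SAMPLE = "\n".join([
    "-A input -s 0/0 -d 0/0 53 -p udp   -j ACCEPT",
    "-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT",
    "-A input -s 0/0 -d 0/0 -i lo -j ACCEPT",
    "-A input -s 0/0 53 -d 0/0 -p udp -j ACCEPT",
    *(f"-A input -s 0/0 -d 0/0 {p} -p tcp -y -j ACCEPT" for p in range(49152, 49162)),
    "-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT",
    "-A input -s 0/0 -d 0/0 -p udp -j REJECT",
])

RULE = re.compile(
    r"-A (?P<chain>\w+) -s (?P<src>\S+)(?: (?P<sport>\d+))?"
    r" -d (?P<dst>\S+)(?: (?P<dport>\d+))?(?: -i (?P<iface>\S+))?"
    r"(?: -p (?P<proto>\w+))?(?: (?P<syn>-y))? -j (?P<target>\w+)$")

def parse(line):
    m = RULE.match(" ".join(line.split()))  # collapse irregular spacing first
    if not m:
        raise ValueError(f"unrecognised ipchains rule: {line!r}")
    return m.groupdict()

def render(r, dport):
    parts = ["-A", r["chain"].upper()]          # ipchains 'input' -> iptables 'INPUT'
    if r["iface"]: parts += ["-i", r["iface"]]
    if r["proto"]: parts += ["-p", r["proto"]]
    if r["syn"]:   parts.append("--syn")        # ipchains -y is iptables --syn
    for flag, addr in (("-s", r["src"]), ("-d", r["dst"])):
        if addr != "0/0": parts += [flag, addr]  # 0/0 means "any", so omit it
    if r["sport"]: parts += ["--sport", r["sport"]]
    if dport:      parts += ["--dport", dport]
    return " ".join(parts + ["-j", r["target"]])

def convert(text):
    runs = []  # [rule without dport, first port, last port], in original order
    for line in filter(str.strip, text.splitlines()):
        r = parse(line)
        port = r.pop("dport")
        port = int(port) if port else None
        if runs and port is not None and runs[-1][0] == r and runs[-1][2] == port - 1:
            runs[-1][2] = port  # next port of an adjacent, otherwise identical rule
        else:
            runs.append([r, port, port])
    return [render(r, None if lo is None else str(lo) if lo == hi else f"{lo}:{hi}")
            for r, lo, hi in runs]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The output lines are in the form used inside the `*filter` section of an iptables-save file, and the translation stays stateless like the ipchains original (SYN packets are matched with `--syn`, no connection tracking is added).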
 

ProWebUK

a few of them most users won't require, one I noticed on yours that is enabled on most firewalls although not required is

identd - 113

Chris
 

nobaloney

I visited the port 113 issue a few weeks ago and decided to leave it in for now. I don't run identd, though.

I don't see any others that are even questionable. Do you?

Jeff
 

ProWebUK

I believe it's not necessary to open port 123... apart from that it seems ok for the remainder of all DA users ;)

Chris
 

nobaloney

Port 123 is the network time protocol... you need it if you're going to synchronize for a time-server.

Some of these I've opened for both tcp and for udp, because I simply wasn't sure if both were needed or not.

Jeff
 

ProWebUK

Fresh Install of Urchin web analytics software V5 added under statistics section.
 

ProWebUK

just added:
-> Upgrade ProFTPd to fix recent exploit

added this a while back but forgot to put a notice up!
-> Upgrade OpenSSH to fix recent exploit

Chris
 

ProWebUK

MRTG compile, configure and run now added, the list also tidied up a bit :)

Chris
 

ProWebUK

added:

-> Provide a MySQL user with an additional database

under:

Add-ons & advice
 

ProWebUK

added / updated the following:

-> Update PHP (4.3.4) using DA custom Apache build system
-> Update Apache (1.3.29) using DA custom Apache build system
-> Update Mod_SSL (2.8.16) using DA custom Apache build system

all 3 are updated using the same method (just follow 1 of the links) :D
 

ProWebUK

new section has been added to the list:

Known problems / bugs & fixes
 

ProWebUK

Added the 'florida sun' skin from mindlash under the skins coming soon section
 

ProWebUK

I will try and get a fresh HOWTO for APF over the next few days; I am currently working on a pre-configured firewall for DirectAdmin.
 

ProWebUK

Script to convert users to resellers & vice versa // added to add-ons and advice section.
 