NAT/Firewall : when will it be possible ?

Roman2K (Verified User; joined Feb 16, 2005; 11 messages)
Hi all,

I'm very very interested in buying a license of DirectAdmin.

I have a LAN and one of the computers, behind a Linksys WRT54GS router (so using NAT and a built-in firewall), would be a server where I want to install DirectAdmin (for a mutualized hosting).

But I read in many places in the forum that it is impossible to run DirectAdmin behind a NAT/firewall :confused:.

The server has an internal IP# like 192.168.0.x and I have one external static IP# that I have been given by my ISP. I can set this computer to be a DMZ server if it can help using DA.

When will it be possible ?
It's really surprising that it is still not possible.

Thanks in advance.
 
In my opinion, it won't ever be possible.

If DA issued a license for a "private" internet address, then it could be used multiple times by anyone using Network Address Translation.

DirectAdmin would have to use a completely different licensing/protection scheme to issue licenses for private IP#s.

Though I don't work for DirectAdmin and I'm speaking only for myself, I don't expect it to happen.

Jeff
 
Thank you for your answer.
That is a really bad point for DirectAdmin :(.
What panel do you advise me to use that is as good as DirectAdmin, runs on Debian or FreeBSD, and less than 300$ for a lifetime license ?
Thanks.
 
I do not *think* any major control panel supports what you are asking. All of them are the same or have similar licensing to DirectAdmin.
 
Plesk 5 is not tied to any IP#. I have no idea if it will work on private IP space or not, but I know it's not tied to a specific IP#.

And I don't know about future versions of Plesk since we gave up our Gold Partnership while Plesk 5 was still current.

Jeff
 
And for everyone's good, I hope that DA does not use Microsoft's licensing method which requires reactivation with any hardware changes. (I should not have to reactivate my software just because I upgrade my processor or RAM)
 
I don't have any experience with cpanel, but following is quoted from
http://www.cpanel.net/dist.cgi



All Licenses are per server with unlimited domains. To qualify for licensing your IP must be publicly-visible and static. Please do not request licensing for dialup or dynamic IP cable modems (dyndns, DHCP, etc). If your server is behind a firewall/router, please provide the external IP. Licensing issued directly through us is transferable by emailing [email protected].



The above instructions give me an impression that cpanel can work behind a firewall as long as you can provide the public ip NATed to the internal server.
 
pkilam said:
The above instructions give me an impression that cpanel can work behind a firewall as long as you can provide the public ip NATed to the internal server.

You should be able to do the same thing with DirectAdmin, I haven't tried it though, but in theory...
 
DirectAdmin will not work on an internal IP#.

It will only work on an external (public) IP#.

If you supply your router's external IP# when purchasing DirectAdmin it will still not work unless you uninstall your router and install DA on your line instead.

If you have multiple static IP#s you can put a switch between your DSL/Cable Modem and run DA on one or more of your static IP#s while running your internal network on one static IP# through your router.

That's how we do it here at our office, and for our testbed server. Of course our dedicated rental servers are at a real datacenter.

Jeff
 
What an annoying method of license verification !
I really should find another way to ensure that the guy who bought the license doesn't make copies. Because of this, I'm sure there are many people who can't use DirectAdmin...
When will you change this way of verification please ? CPanel does not have this type of license checking so it must be doable in another way.
 
Roman2K said:
When will you change this way of verification please ?
Who do you address your use of "you" to? No one from JBMC (the company that writes DA) has posted on this thread.

I'd suggest writing their sales department.

I wouldn't expect them to change the licensing method just for you though.

Jeff
 
jlasman said:
Who do you address your use of "you" to? No one from JBMC (the company that writes DA) has posted on this thread.

I'd suggest writing their sales department.

I wouldn't expect them to change the licensing method just for you though.

Jeff
I thought you were from JBMC because of the "Super Moderator".
I really don't think it is just me though.
 
Read my siglines :) and you'll see I'm simply a user like you, who is also in the business of supporting DirectAdmin.

I appreciate the trust JBMC has put in me by allowing me to be a moderator, and I try to do my best.

I did write the exim.conf file currently distributed with DA, and I hope to add other features in the future as my time permits and as the folk at JBMC allow.

My understanding is that it would be quite a bit of work to change the licensing model.

Do you have a thought as to what licensing model you'd like to see which would allow DA to work on private IP space and still allow JBMC the security they need? Please don't just mention another company; I have no idea how any model works inside, and what I'm looking for is a functional description of the code required.

Jeff
 
jlasman said:
Do you have a thought as to what licensing model you'd like to see which would allow DA to work on private IP space and still allow JBMC the security they need? Please don't just mention another company; I have no idea how any model works inside, and what I'm looking for is a functional description of the code required.
To check if DA isn't used by other people than the buyer, or the buyer's family :
Why not traceroute a certain host every X hours ?
If in the result of the traceroute you find the internet IP given during the buying procedure, then the IP is verified and the 1st condition is TRUE.

Then, to see if there are no several copies of DA running :
Every Y hours, open a remote php script (on JBMC's server for example) to send a key the buyer has received. If the key is valid, then check if it has not been sent 2 times for this cycle (of Y hours), if not, the 2nd condition is TRUE.

If the two conditions are TRUE, the program is allowed to work.

What do you think about that ?
 
Last edited:
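
The two-condition check proposed in the post above, sketched as an added example (not DirectAdmin's or JBMC's code, and not part of the original thread). The class and function names, the 6-hour cycle, the key string and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
import hmac
import time

CYCLE_SECONDS = 6 * 3600  # "Y hours" from the post; 6 is an assumed value

# Constructed traceroute result: LAN gateway, the buyer's public IP, an ISP hop.
SAMPLE_HOPS = ["192.168.0.1", "203.0.113.10", "198.51.100.1"]


def registered_ip_on_path(hops, registered_ip):
    """Condition 1: the IP given at purchase appears among the traceroute hops."""
    return registered_ip in hops


class LicenseServer:
    """Hypothetical vendor-side check-in endpoint (condition 2)."""

    def __init__(self, issued_keys):
        self.issued_keys = list(issued_keys)
        self.last_cycle = {}  # key -> number of the cycle it last checked in

    def check_in(self, key, now=None):
        now = time.time() if now is None else now
        # Compare in constant time so response timing does not leak key prefixes.
        known = [k for k in self.issued_keys
                 if hmac.compare_digest(k.encode(), key.encode())]
        if not known:
            return "invalid-key"
        cycle = int(now // CYCLE_SECONDS)
        if self.last_cycle.get(known[0]) == cycle:
            return "duplicate"  # same key seen twice in one cycle: possible copy
        self.last_cycle[known[0]] = cycle
        return "ok"


def allowed_to_run(hops, registered_ip, server, key, now=None):
    """The panel keeps working only if both conditions are TRUE."""
    if not registered_ip_on_path(hops, registered_ip):
        return False
    return server.check_in(key, now) == "ok"
```

As written, a legitimate install that restarts and checks in twice within one cycle is rejected exactly like a second copy, and the hop list comes from the client itself, so the server has no independent view of condition 1.
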
Just hash the motherboard like Windows XP does -- if that hash changes (i.e. installing multiple copies), then the master hash (held by DA) will not match up.

Easy. That way people can actually have decent environments where the webserver isn't facing the internet with no firewall in between.

I'd rather be inconvenienced by "re-activating" the software every time I change my motherboard than not being able to have a firewall in between the web server and the internet.
 
Responding to a rather old post, aren't you?

I have already posted instructions on how to use DA behind a NAT/firewall.
 