Allows you to search a variety of questions and answers
NOTE: Parts of this tutorial may be outdated. Please do a search on Google if something is not working right or contact us.
To install APF, SSH into server and login as root.
At command prompt type: cd /root/
At command prompt type: wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
At command prompt type: tar -xvzf apf-current.tar.gz
At command prompt type: rm -f apf-current.tar.gz
At command prompt type: cd apf-0.9.4-6
At command prompt type: sh ./install.sh
After APF has been installed, you need to edit the configuration file.
At command prompt type: cd /etc/apf
At command prompt type: pico -w conf.apf
Scroll down and find
USE_DS="0"
change it to
USE_DS="1"
Now scroll down and configure the Ports. The following ports are required for CPanel:
Code:
Common ingress (inbound) TCP ports IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993, 995,2082,2083,2 084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Note: If you changed the port for SSH, be sure to include that port and remove port 22.
-----
21 FTP (TCP)
22 SSH (TCP)
25 SMTP (TCP)
53 DNS - Domain Name Server (TCP)
80 HTTP (TCP)
110 POP3 (TCP)
143 IMAP (TCP)
443 HTTPS (TCP)
465 sSMTP (TCP)
953 ??BIND??
993 IMAP4 protocol over TLS/SSL (TCP)
995 POP3 protocol over TLS/SSL (was spop3) (TCP)
2082 CPANEL (http://sitename.com:2082) (TCP)
2083 CPANEL SSL (https://sitename.com:2083) (TCP)
2084 entropychat server (disable from CPANEL service manager if not used) (TCP)
2086 WHM (http://sitename.com:2086) (TCP)
2087 WHM SSL (https://sitename.com:2087) (TCP)
2095 WebMail (http://sitename.com:2095) (TCP)
2096 WebMail SSL (https://sitename.com:2096)
3306 mySQL remote access (TCP)
6666 Melange chat Server (disable from CPANEL service manager if not used) (TCP)
7786 Interchange (TCP)
3000_3500
-----
5100 for ASP,
8080 and 8443 for JSP if you use them.
-----
Code:
Common ingress (inbound) UDP ports IG_UDP_CPORTS="53,6277
-----
53 DNS - Domain Name Server
6277 SpamAssassin / DCC (email scanning)
-----
Code:
Common ICMP (inbound) types IG_ICMP_TYPES="3,5,11,0,30,8"
-----
0 Echo Reply
3 Destination Unreachable
5 Destination Unreachable
8 Echo
11 Time Exceeded
30 Traceroute
-----
Code:
Common egress (outbound) TCP ports EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43, 873,953,2089,27 03,3306"
-----
21 FTP
25 SMTP
37 Required for CPANEL Licensing
53 DNS - Domain Name Server
80 HTTP
110 POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)
113 Authentication Protocol (AUTH)
123 NTP (Network Time)
443 HTTPS
43 WHOIS
873 rsync (CPanel updates)
953 BIND ??
2089 Required for CPANEL Licensing
2703 Razor (email scanning)
3306 mySQL remote access
-----
Code:
Common egress (outbound) UDP ports EG_UDP_CPORTS="20,21,53,873,953,6277"
-----
20 ftp-data
21 FTP
53 DNS - Domain Name Server
873 rsync
953 BIND ??
6277 SpamAssassin / DCC (email scanning)
-----
Code:
Common ICMP (outbound) types EG_ICMP_TYPES="all"
Save the changes then exit.
To start APF
At command prompt type: /usr/local/sbin/apf -s
APF commands are:
-s start
-r restart
-f flush - stop
-l list
-st status
-a HOST allow HOST
-d HOST deny HOST
Log out of SSH and then login again.
After you are sure everything is working fine, change the DEV option
At command prompt type: cd /etc/apf
At command prompt type: pico -w conf.apf
Scroll down and find
DEVM="1"
change it to
DEVM="0"
To deny access to port 22 (shell) for everyone, simply take it out of the conf.apf file in the incoming/outgoing settings for TCP protocol.
Then , in the allow_hosts.rules file, add any host you want to have access using the following format:
tcp:in:d=22:s=1.1.1.1 (substitute your actual IP address)
Save changes, exit and then restart firewall,
At command prompt type: /usr/local/sbin/apf -r
or
service apf restart
You can trust your business with AYKsolutions After a horrible experience with my prior host that left me with over 14 hours of downtime, AYKSolutions came in, took care of the transfer completely and made my life easier. When they say their servers are semi-managed, it means they take care of more then most managed server hosting companies. Average ticket response time? 2-5 minutes. One time i n the middle of the night it took 30 minutes. Problems that I create are fixed immediately and they take care of their customers. Artyom is the owner, who is somehow capable of not sleeping. He's always there to take care of everything with a personal touch. 3 AM on a Saturday? Not an issue for AYKSolutions. Trust me, I'm very thorough in researching a company. When it comes to business, you can never be too careful. I trust my business with AYKSolutions
Without doubt the most professional and friendly support team i have ever experienced. These guys are really way above any other company i have worked with in the past.
Hi guys, I am pretty satisfied with your service. Yes, I have experienced some downtime issues with my boxes, but you guys have always been right there for me, at my beck and call whenever I need you. Additionally, you guys are always more than fair when it comes to helping me configure my boxes with my DirectAdmin control panel. Overall, I am very pleased with the service, both in terms of the hardware I receive from you as well as the customer service. Prices seem to be quite fair too. Thanks, Ephi