desynced
10-11-2011, 09:42 AM
I'm setting up a new CentOS 5.7 server (i386) with DirectAdmin. Installed CSF and everything seemed to be working fine. But when the customer that the server was built for uploads or downloads files via FTP, about 30 seconds later they can no longer connect to the server for about 20 minutes. I am assuming it is the firewall, but I cant figure out why. Im comparing everything to my other servers and everything seems to match up, but I cant figure out why on this server its doing it.
proftpd.conf
ServerName "ProFTPd"
ServerType standalone
Port 21
PassivePorts 30000 35000
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b %m"
ExtendedLog /var/log/proftpd/208.94.247.106.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthOrder mod_auth_file.c
#AuthPAM off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off
#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
ListOptions -a
Umask 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
In the CSF config, I have 30000:35000 added to TCP_IN.
Any other ideas?
proftpd.conf
ServerName "ProFTPd"
ServerType standalone
Port 21
PassivePorts 30000 35000
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b %m"
ExtendedLog /var/log/proftpd/208.94.247.106.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthOrder mod_auth_file.c
#AuthPAM off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off
#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
ListOptions -a
Umask 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
In the CSF config, I have 30000:35000 added to TCP_IN.
Any other ideas?