dannygoh
06-20-2005, 09:18 PM
Hi,
I upgrade the kernel and my ftp is not working anywore. I can login but not list directory.
Below is my /var/log/messages
Jun 21 12:16:15 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4494 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:18 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4496 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:24 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4498 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:36 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4500 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
My APF Conf
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,2222,2223,3306,8090,3310"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,32769"
# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="20,21,22,25,37,43,53,80,110,143,443,2222,3306,8090,3310"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,32769"
# Common ICMP egress (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
My ProFTP conf
ServerName "ProFTPd"
ServerType standalone
Port 21
UseReverseDNS off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/216.xx.xx.xx.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthPAM off
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
Umask 022
DisplayLogin welcome.msg
DisplayFirstChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
UseReverseDNS off
IdentLookups off
I upgrade the kernel and my ftp is not working anywore. I can login but not list directory.
Below is my /var/log/messages
Jun 21 12:16:15 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4494 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:18 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4496 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:24 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4498 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
Jun 21 12:16:36 ns1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=216.xx.xx.xx DST=219.xx.xx.xx LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=4500 DF PROTO=TCP SPT=20 DPT=63019 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)
My APF Conf
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,2222,2223,3306,8090,3310"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,32769"
# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="20,21,22,25,37,43,53,80,110,143,443,2222,3306,8090,3310"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,32769"
# Common ICMP egress (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
My ProFTP conf
ServerName "ProFTPd"
ServerType standalone
Port 21
UseReverseDNS off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/216.xx.xx.xx.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthPAM off
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
Umask 022
DisplayLogin welcome.msg
DisplayFirstChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
UseReverseDNS off
IdentLookups off