Search found 3 matches
- 16 Dec 2021, 09:56
- Forum: General Discussion (csf)
- Topic: CSF + nftables - FTP Passive behaviour
- Replies: 2
- Views: 2540
Re: CSF + nftables - FTP Passive behaviour
After talking with CloudLinux, they mention:
v11 - https://blog.configserver.com/?p=3152 Ensure /proc/sys/net/netfilter/nf_conntrack_helper is enabled at startup to allow connection tracking to continue working on newer kernels
v12 - https://blog.configserver.com/?p=3249 Added new option USE_FTPHELP...
- 15 Dec 2021, 19:18
- Forum: General Discussion (csf)
- Topic: CSF + nftables - FTP Passive behaviour
- Replies: 2
- Views: 2540
Re: CSF + nftables - FTP Passive behaviour
Note: For example, if we change the port on TCP_IN from 50000-59000 to 49152-65534, it works. If you see the error in dmesg: server kernel: Firewall: *TCP_IN Blocked* IN=eno1 OUT= MAC=XXXXX SRC=(FTP_DESTINATION_IP) DST=(THIS_SERVER) LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=31020 DF PROTO=TCP SPT=20 DPT=6...
- 15 Dec 2021, 19:11
- Forum: General Discussion (csf)
- Topic: CSF + nftables - FTP Passive behaviour
- Replies: 2
- Views: 2540
CSF + nftables - FTP Passive behaviour
Hi All, We have seen a behaviour in all "CloudLinux 8" servers with the introduction of nftables with iptables with connections using PASV. For this test, we have ensured that the TCP_IN ports for FTP are defined between 50000-59000 and Pure-FTPD is configured to use those ports. With CSF enable...