*WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module + csf

Getting the following error while trying to restart csf in my VPS .

root@a24uall [/etc/csf]# csf -r
*WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under ‘A note about FTP Connection Issues’ on how to do this if you have not already done so.
root@a24uall [/etc/csf]#

Solution : IF we dont have node access we need to change the settings in VPS itself

Check if its Pure FTP or Pro FTP and add the following line in the conf file.

vi /etc/pure-ftpd.conf
PassivePortRange 30000 35000

vi /etc/proftpd.conf
PassivePortRange 30000 35000

vi /etc/csf/csf.conf
# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,30000:35000″

If you see this error while restarting iptables then in place of csf step use :

iptables -A INPUT -p tcp –dport 30000:35000 -j ACCEPT

============
enable module

modprobe ip_conntrack_ftp

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *