vsftpd connection timeout
Posted: 30 May 2008, 21:20
Hi
I have a problem with my FTP server. People are usually able to download / upload some 10 - 15 files and then they get a connection timeout. Do you have any idea what the problem could be?
The server sits behind a Netgear router where I have set Default DMZ Server to my server IP. So all ports should be open towards the server.
My vsftpd configuration file is shown below:
And my iptables file is shown below:
Code:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
pasv_min_port=40000
pasv_max_port=60000
ftpd_banner=Välkommen till min ftpserver
chroot_local_user=YES
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
idle_session_timeout=9999
data_connection_timeout=300
Code:
#!/bin/bash
MY_IP="yavari.se"
# No spoofing
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$filtre"
    done
fi
# No icmp
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#load some modules you may need
#modprobe ip_tables
#modprobe ip_nat_ftp
#modprobe ip_nat_irc
#modprobe iptable_filter
#modprobe iptable_nat
#modprobe ip_conntrack_irc
#modprobe ip_conntrack_ftp
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe iptable_filter
modprobe iptable_nat
modprobe ip_conntrack_irc
modprobe ip_conntrack_ftp
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
# Remove all rules and chains
iptables -F
iptables -X
# Create chains
iptables -N FIREWALL
iptables -N TRUSTED
iptables -N ALLOWED_PORT
# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# FIREWALL Chain start _____________
# Allow ESTABLISHED and RELATED incoming connection
iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT
# Allow local traffic
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
# Send all packets to chains
iptables -A FIREWALL -j TRUSTED
iptables -A FIREWALL -j ALLOWED_PORT
# DROP all other packets
iptables -A FIREWALL -j DROP
# _____
# TRUSTED Chain start _____________
# VNC
# iptables -A TRUSTED -i eth0 -s $MY_IP -p tcp -m tcp --dport 5901 -j ACCEPT
# ____
# ALLOWED_PORT chain
# SVN
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 3690 -j ACCEPT
# http
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
# SSH
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
# dcpp
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 4412 -j ACCEPT
iptables -A ALLOWED_PORT -i eth0 -p udp -m udp --dport 4412 -j ACCEPT
#ftp
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A ALLOWED_PORT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT
# _____
# Send all INPUT packets to the FIREWALL chain
iptables -A INPUT -j FIREWALL
# DROP all forward packets, we don't share internet connection in this example
iptables -A FORWARD -j DROP
# End message
echo " [End iptables rules setting]"