Thread: VPS Server Security - Firewall

  1. #1
    Administrator GoHighVoltage's Avatar
    Join Date
    Dec 2010
    Location
    Edwardsville, IL
    Posts
    185
    Blog Entries
    34

    VPS Server Security - Firewall

    The best thing you can do is download and install CSF+LFD.

    Found at ConfigServer Services

    It is totally free, easy to install and configure, and it is very powerful.

    This should be standard on every VPS and Dedicated Server.


    Some screenshots are attached.


  2. #2
    Administrator GoHighVoltage's Avatar

    *WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is.....

    Getting the following error after configuring the CSF firewall on a cPanel VPS.
    Quote:
    *WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under 'A note about FTP Connection Issues' on how to do this if you have not already done so.

    To solve this error, you only need to allow passive ports in your ftp configuration "/etc/pure-ftpd.conf" and CSF configuration "/etc/csf/csf.conf" file.

    How to allow ports in pure-ftpd.conf.

    Open the file "/etc/pure-ftpd.conf" and search for "PassivePortRange" and remove the "#" in front of the line.
    Quote:
    # Port range for passive connections replies. - for firewalling.

    PassivePortRange 30000 50000

    Save the changes and restart the FTP service:
    Quote:
    -bash-3.2# /scripts/restartsrv pureftpd


    How to add port in "csf.conf".

    Open the file "/etc/csf/csf.conf", search for "TCP_IN", and add the port range which you have allowed in the FTP configuration file, i.e. "30000:50000".
    Quote:
    # Allow incoming TCP ports
    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"

    Note: a colon [:] is used to specify the port range.

    Save the changes and restart CSF service.
    Quote:
    -bash-3.2# csf -r

    After restarting CSF, you will not get any warning message for passive port hole in iptables for incoming FTP.
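
A check for the two edits described above, added here as an example and not part of the original post or of CSF: it reads PassivePortRange from the pure-ftpd configuration and confirms that a single TCP_IN entry in csf.conf covers the whole range. The function names (passive_range, tcp_in_ports, check_pasv, make_sample) are hypothetical, and the sample files it writes are constructed to mirror the values in the post.

```sh
# Added example: confirm the pure-ftpd passive range is open in CSF's TCP_IN.

# Print "lo hi" from the first uncommented PassivePortRange line.
passive_range() {
    awk '$1 == "PassivePortRange" && NF >= 3 { print $2, $3; exit }' "$1"
}

# Print the comma-separated TCP_IN value with the quotes stripped.
tcp_in_ports() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_pasv FTP_CONF CSF_CONF
# Returns 0 if one TCP_IN entry covers the whole range, 1 if none does,
# 2 if PassivePortRange is still commented out or missing.
check_pasv() {
    range=$(passive_range "$1")
    if [ -z "$range" ]; then echo "PassivePortRange is not set in $1"; return 2; fi
    lo=${range% *}; hi=${range#* }
    old_ifs=$IFS; IFS=,
    for entry in $(tcp_in_ports "$2"); do
        case $entry in
            *:*) elo=${entry%%:*}; ehi=${entry##*:} ;;
            *)   elo=$entry; ehi=$entry ;;
        esac
        # Skip entries that are empty or not purely numeric (e.g. a damaged value).
        case "$elo:$ehi" in :*|*:|*[!0-9:]*) continue ;; esac
        if [ "$elo" -le "$lo" ] && [ "$ehi" -ge "$hi" ]; then
            IFS=$old_ifs
            echo "OK: TCP_IN entry $entry covers passive range $lo:$hi"
            return 0
        fi
    done
    IFS=$old_ifs
    echo "MISSING: no TCP_IN entry covers passive range $lo:$hi"
    return 1
}

# Write constructed sample files (values mirror the post) into directory $1.
make_sample() {
    printf '%s\n' '# Port range for passive connections' 'PassivePortRange 30000 50000' > "$1/pure-ftpd.conf"
    printf '%s\n' '# Allow incoming TCP ports' 'TCP_IN = "20,21,22,80,443,30000:50000"' > "$1/csf.conf"
}

# No arguments: run on the constructed sample. Two arguments: check real files.
if [ "$#" -eq 2 ]; then check_pasv "$1" "$2"; else
    tmp=$(mktemp -d) && make_sample "$tmp" && check_pasv "$tmp/pure-ftpd.conf" "$tmp/csf.conf"
    rm -rf "$tmp"
fi
```

Saved under any file name, it can be run with "/etc/pure-ftpd.conf" and "/etc/csf/csf.conf" as its two arguments to check the live configuration.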
