
VPS Server Security - Firewall

  • VPS Server Security - Firewall

    The best thing you can do is download and install CSF+LFD.

    Found at ConfigServer Services

    It is totally free, easy to install and configure, and it is very powerful.

    This should be standard on every VPS and Dedicated Server.


    Some screenshots are attached.


  • #2
    *WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is.....

    Getting the following error after configuring the CSF firewall on a cPanel VPS.
    Quote:
    *WARNING* Since the Virtuozzo VPS iptables ip_conntrack_ftp kernel module is currently broken you have to open a PASV port hole in iptables for incoming FTP connections to work correctly. See the csf readme.txt under 'A note about FTP Connection Issues' on how to do this if you have not already done so.
    To solve this error, you only need to allow passive ports in your ftp configuration "/etc/pure-ftpd.conf" and CSF configuration "/etc/csf/csf.conf" file.

    How to allow ports in pure-ftpd.conf.

    Open the file "/etc/pure-ftpd.conf" and search for "PassivePortRange" and remove the "#" in front of the line.
    Quote:
    # Port range for passive connections replies. - for firewalling.

    PassivePortRange 30000 50000
    Save the changes and restart the FTP service:
    Quote:
    -bash-3.2# /scripts/restartsrv pureftpd

    How to add port in "csf.conf".

    Open the file "/etc/csf/csf.conf", search for "TCP_IN", and add the port range which you have allowed in the FTP configuration file, i.e. "30000:50000".
    Quote:
    # Allow incoming TCP ports
    TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
    Note: a colon [:] is used to specify the port range.

    Save the changes and restart CSF service.
    Quote:
    -bash-3.2# csf -r
    After restarting CSF, you will not get any warning message for passive port hole in iptables for incoming FTP.

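The steps in post #2 only work if the range opened in TCP_IN actually covers the PassivePortRange that pure-ftpd uses. The following check is an added example, not part of the thread: the function names are hypothetical, the sample values are constructed to mirror the post, and the file formats are assumed to be the ones quoted above.

```sh
#!/bin/sh
# Added example (not from the thread): check that the PassivePortRange set in
# pure-ftpd.conf is covered by an entry in CSF's TCP_IN. Function names are
# hypothetical; the file formats are the ones quoted in the post.

# Print "LOW HIGH" from the active (uncommented) PassivePortRange line.
ftp_passive_range() {
    awk '$1 == "PassivePortRange" && NF >= 3 { print $2, $3; exit }' "$1"
}

# Print the entries of the first TCP_IN line, separated by spaces.
csf_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1 | tr ',' ' '
}

# Status 0: a TCP_IN entry covers the range. 1: none does.
# 2: PassivePortRange is absent or still commented out.
check_pasv_hole() {
    pasv=$(ftp_passive_range "$1")
    low=${pasv%% *}; high=${pasv##* }
    if [ -z "$low" ]; then
        echo "PassivePortRange is not set in $1"; return 2
    fi
    for entry in $(csf_tcp_in "$2"); do
        a=${entry%%:*}; b=${entry##*:}      # single port: a equals b
        case "$a:$b" in :*|*:|*[!0-9:]*) continue ;; esac   # skip malformed
        if [ "$a" -le "$low" ] && [ "$b" -ge "$high" ]; then
            echo "OK: TCP_IN entry $entry covers passive ports $low-$high"
            return 0
        fi
    done
    echo "MISSING: no TCP_IN entry covers passive ports $low-$high"
    return 1
}

# Constructed sample files (values mirror the post) for an offline run.
write_samples() {
    printf '%s\n' '# Port range for passive connections replies. - for firewalling.' \
        'PassivePortRange 30000 50000' > "$1/pure-ftpd.conf"
    printf '%s\n' '# Allow incoming TCP ports' \
        'TCP_IN = "20,21,22,25,53,80,443,30000:50000"' > "$1/csf.conf"
}

# Usage on a server: sh check_pasv.sh /etc/pure-ftpd.conf /etc/csf/csf.conf
if [ "$#" -eq 2 ]; then check_pasv_hole "$1" "$2"; fi
```

A status of 2 means the "#" was never removed from the PassivePortRange line, and a status of 1 means the firewall range is missing or narrower than the FTP range.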