The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

apf + pureftp causing timeouts on large file uploads

Discussion in 'General Discussion' started by chilihost, Mar 21, 2006.

  1. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    I am running APF on a CPanel server, everything is up to date on it. I am running pureFTP server and when uploading large files I keep getting timeout errors:

    COMMAND:> TYPE I
    200 TYPE is now 8-bit binary
    COMMAND:> PASV
    227 Entering Passive Mode (x,x,x,x,x)
    COMMAND:> REST 0
    350 Restarting at 0
    COMMAND:> STOR bigfile.zip
    STATUS:> Connecting ftp data socket x.x.x.x:50172...
    150 Accepted data connection
    150 Accepted data connection
    ERROR:> Timeout (60000 ms) occurred on sending data to the server.
    421 Timeout (no new data for 3600 seconds)
    ERROR:> Service unavailable. Try again later.

    I have my ftp client set to PASV mode and have configured APF with all the right ports opened. Here is the relevant lines from my apf conf file:
    # 8: Ports for Maximum Throughput - Minimum Delay
    TOS_8="20,21"
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,465,953, 993,995,2082,2083,2084,2086,2087,2095,2096,3306,66 66,7786,3000_3500,50000_50500"
    IG_UDP_CPORTS="37,53,873,6277"
    IG_ICMP_TYPES="3,5,11,0,30,8"
    EGF="1"
    EG_TCP_CPORTS="20,21,22,25,37,53,43,80,113,123,443 ,465,873,953,2083,2087,2089,50000_50500"
    EG_UDP_CPORTS="20,21,53,873,953,6277"


    and here is how I have my pure-ftp.conf file setup:
    MaxIdleTime 60
    PassivePortRange 50000 50500


    when I flush my firewall, ftp works perfectly. Has anyone run into this and if yes, how did you fix it?

    thank you!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The only fix I've seen is to switch to a different iptables configuration script. Other than that, you're probably best off asking over on the developers forums at www.rfxnetworks.com since it does appear to be a bug in their firewall script as it's not an uncommon problem.
     
  3. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    thanks, it seems their forums are not working: http://forums.rfxnetworks.com/ comes up with a Forbidden error for me.

    Can anyone suggest a good firewall replacement?
     
  4. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    I have not used this personally however I have heard a few people using 'Kiss Firewall'. I may be wrong here, but APF isnt really a firewall, IPtables is. APF simply loads rules into IPtables.

    I believe Kiss Firewall also works on the same principle of Iptables. You can find more info here: http://www.webhostgear.com/87.html
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Where I find APF doesn't work I usually use KissMyFirewall too - works just fine and is simpler than APF (less to go wrong).
     
  6. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    thank you, I have loaded up kiss and it seems to be working great.
     
  7. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    ugh, i just ran into the same issue again with KISS, will have to keep researching on this one. Anyone have any other suggestions?
     
Loading...

Share This Page