
CSF Can ping but can't open page

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Aug 30, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    44,426
    10,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,696
    Local Time:
    4:35 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Also just updated 123.09beta01 to raise CSF LF_DISTFTP from 1 to 8 and LF_DISTFTP_UNIQ from 6 to 8, and raised pure-ftpd max connections from 500 to 1000 and max IP connections from 200 to 500, just to give more headroom. Updating 123.09beta01 and running centmin.sh once will auto-apply the settings.
     
  2. pamamolf

    pamamolf Premium Member Premium Member

    3,807
    369
    83
    May 31, 2014
    Ratings:
    +711
    Local Time:
    9:35 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    After the update they report that all is working great without any issues :)

    Very happy Centminmod users !!!!
     
  3. eva2000

    eva2000 Administrator Staff Member

    So how many users were simultaneously connecting? <8 but more than >1-6?
     
  4. pamamolf

    pamamolf Premium Member Premium Member

    Only 3.
     
  5. eva2000

    eva2000 Administrator Staff Member

    Strange then that the update worked for them, especially if you had LF_DISTFTP=0 :)
     
  6. pamamolf

    pamamolf Premium Member Premium Member

    Let's wait 5-10 days so they can test it more and we will see :)
     
  7. elargento

    elargento Member

    343
    17
    18
    Jan 4, 2016
    Ratings:
    +42
    Local Time:
    3:35 AM
    10
    I'm having the same issue. I'm able to log in to the server and access FTP, but when I try to load the sites I get a timeout error (so my IP isn't blocked).

    I've upgraded Centmin to the latest beta version, restarted nginx, disabled CSF and it's still the same.
    Any suggestions? The modifications stated in this thread were already applied to recent Centmin versions, so I don't have anything I could modify.

    Code:
    [22:37][root@xxx.members.linode.com centminmod]# /sbin/sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
    * Applying /etc/sysctl.d/101-sysctl.conf ...
    fs.nr_open = 12000000
    fs.file-max = 9000000
    net.core.wmem_max = 16777216
    net.core.rmem_max = 16777216
    net.ipv4.tcp_rmem = 8192 87380 16777216
    net.ipv4.tcp_wmem = 8192 65536 16777216
    net.core.netdev_max_backlog = 8192
    net.core.somaxconn = 8151
    net.core.optmem_max = 8192
    net.ipv4.tcp_fin_timeout = 10
    net.ipv4.tcp_keepalive_intvl = 30
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_time = 240
    net.ipv4.tcp_max_syn_backlog = 8192
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_syn_retries = 3
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_tw_reuse = 0
    net.ipv4.tcp_max_tw_buckets = 1440000
    vm.swappiness = 10
    vm.min_free_kbytes = 65536
    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.tcp_slow_start_after_idle = 0
    net.ipv4.tcp_limit_output_bytes = 65536
    net.ipv4.tcp_rfc1337 = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.log_martians = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.secure_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.netfilter.nf_conntrack_helper = 0
    net.nf_conntrack_max = 524288
    net.netfilter.nf_conntrack_tcp_timeout_established = 28800
    net.netfilter.nf_conntrack_generic_timeout = 60
    net.ipv4.tcp_challenge_ack_limit = 999999999
    net.ipv4.tcp_mtu_probing = 1
    net.ipv4.tcp_base_mss = 1024
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    kernel.sysrq = 16
    kernel.core_uses_pid = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/50-tcp_fastopen.conf ...
    net.ipv4.tcp_fastopen = 3
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    * Applying /etc/sysctl.conf ...
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    [22:37][root@li940-203.members.linode.com centminmod]# nano /etc/sysctl.d/101-sysctl.conf
    [22:38][root@li940-203.members.linode.com centminmod]# /sbin/sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
    * Applying /etc/sysctl.d/101-sysctl.conf ...
    fs.nr_open = 12000000
    fs.file-max = 9000000
    net.core.wmem_max = 16777216
    net.core.rmem_max = 16777216
    net.ipv4.tcp_rmem = 8192 87380 16777216
    net.ipv4.tcp_wmem = 8192 65536 16777216
    net.core.netdev_max_backlog = 8192
    net.core.somaxconn = 8151
    net.core.optmem_max = 8192
    net.ipv4.tcp_fin_timeout = 10
    net.ipv4.tcp_keepalive_intvl = 30
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_time = 240
    net.ipv4.tcp_max_syn_backlog = 8192
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_syn_retries = 3
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_tw_reuse = 0
    net.ipv4.tcp_max_tw_buckets = 1440000
    vm.swappiness = 10
    vm.min_free_kbytes = 65536
    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.tcp_slow_start_after_idle = 0
    net.ipv4.tcp_limit_output_bytes = 65536
    net.ipv4.tcp_rfc1337 = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.all.secure_redirects = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.default.log_martians = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.secure_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.netfilter.nf_conntrack_helper = 0
    net.nf_conntrack_max = 524288
    net.netfilter.nf_conntrack_tcp_timeout_established = 28800
    net.netfilter.nf_conntrack_generic_timeout = 60
    net.ipv4.tcp_challenge_ack_limit = 999999999
    net.ipv4.tcp_mtu_probing = 1
    net.ipv4.tcp_base_mss = 1024
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    kernel.sysrq = 16
    kernel.core_uses_pid = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/50-tcp_fastopen.conf ...
    net.ipv4.tcp_fastopen = 3
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    * Applying /etc/sysctl.conf ...
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    
    I access my website by modifying the Windows hosts file because this is a private site. It was loading yesterday but not today.
     
  8. elargento

    elargento Member

    Iptables flush did the trick. How is it possible I was blocked by the Unix firewall but was still able to log in via SSH and FTP?
     
  9. eva2000

    eva2000 Administrator Staff Member

    Don't disable CSF Firewall; doing so will block access, as there's no rule to allow port 80/443 access once CSF Firewall is disabled.

    Generally you should flush iptables directly as you can lock yourself out of the server with CSF Firewall installed.

    If you restart CSF Firewall
    Code (Text):
    csf -r

    without exiting the existing SSH session, then start and try to log in to a new SSH session, does it work?
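
    Added example, not part of the original posts and not Centmin Mod or CSF code: a small parser for `iptables -S` output that reports which TCP ports new connections can reach, illustrating the case described in the reply above where no rule allows port 80/443. The sample ruleset and the function names are constructed for illustration; rule order and jumps to user-defined chains are not modelled.

```shell
#!/usr/bin/env bash
# Constructed sample of `iptables -S` output (not taken from the thread):
# default-drop INPUT policy, SSH and FTP accepted, no rule for 80/443.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m multiport --dports 21,22,30001:50011 -j ACCEPT'

# input_policy RULES -> prints the INPUT chain default policy (ACCEPT/DROP)
input_policy() {
  printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# port_accepted RULES PORT -> exit 0 if an INPUT rule ACCEPTs new TCP
# connections to PORT (handles --dport N and --dports a,b,c:d).
# Simplification: rule order and jumps to user-defined chains are ignored.
port_accepted() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "-A" && $2 == "INPUT" && / -p tcp / && / -j ACCEPT$/ {
      for (i = 1; i < NF; i++) {
        if ($i != "--dport" && $i != "--dports") continue
        n = split($(i + 1), specs, ",")
        for (j = 1; j <= n; j++) {
          m = split(specs[j], r, ":")
          lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
          if (port + 0 >= lo && port + 0 <= hi) found = 1
        }
      }
    }
    END { exit(found ? 0 : 1) }'
}

# reachable_ports RULES PORT... -> prints the ports new connections can reach
reachable_ports() {
  local rules="$1" out="" p; shift
  for p in "$@"; do
    if [ "$(input_policy "$rules")" = "ACCEPT" ] || port_accepted "$rules" "$p"; then
      out="$out $p"
    fi
  done
  printf '%s\n' "${out# }"
}

# On a live server, feed real data instead: reachable_ports "$(iptables -S)" 21 22 80 443
reachable_ports "$SAMPLE_RULES" 21 22 80 443
```

    With the constructed ruleset the ICMP rule still answers ping and the RELATED,ESTABLISHED rule keeps an already-open SSH session alive, which is why opening a new session is the meaningful test after a firewall restart.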
     
  10. elargento

    elargento Member

    Actually CSF was disabled so it wasn't causing this issue. I just disabled it to check if it was guilty.