/ Register

Join the community today
Become a Member

CSF Can ping but can't open page

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Aug 30, 2016.

Previous Thread Next Thread
Loading...
Page 6 of 6
  1. Sep 15, 2016 #101
    eva2000

    eva2000 Administrator Staff Member

    46,013
    10,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,217
    Local Time:
    7:51 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    also just updated 123.09beta01 to raise csf LF_DISTFTP from 1 to 8 and LF_DISTFTP_UNIQ from 6 to 8 and raised pure-ftpd max connections from 500 to 1000 and max ip connections from 200 to 500 just to give more head room. Updating 123.09beta01 and running centmin.sh once will auto apply the settings
     
  2. Sep 16, 2016 #102
    pamamolf

    pamamolf Premium Member Premium Member

    3,904
    391
    83
    May 31, 2014
    Ratings:
    +758
    Local Time:
    11:51 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    After the update they report that all working great without any issues :)

    Very happy Centminmod users !!!!
     
  3. Sep 16, 2016 #103
    eva2000

    eva2000 Administrator Staff Member

    46,013
    10,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,217
    Local Time:
    7:51 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    so how many users were simultaneously connecting ? <8 but more than >1-6 ?
     
  4. Sep 16, 2016 #104
    pamamolf

    pamamolf Premium Member Premium Member

    3,904
    391
    83
    May 31, 2014
    Ratings:
    +758
    Local Time:
    11:51 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    only 3
     
  5. Sep 16, 2016 #105
    eva2000

    eva2000 Administrator Staff Member

    46,013
    10,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,217
    Local Time:
    7:51 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    strange then that the update worked for them especially if you had LF_DISTFTP=0 :)
     
  6. Sep 16, 2016 #106
    pamamolf

    pamamolf Premium Member Premium Member

    3,904
    391
    83
    May 31, 2014
    Ratings:
    +758
    Local Time:
    11:51 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Let's wait 5-10 days so they can test it more and we will see :)
     
  7. Feb 25, 2018 #107
    elargento

    elargento Member

    348
    17
    18
    Jan 4, 2016
    Ratings:
    +43
    Local Time:
    6:51 PM
    10
    I'm having same issue. I'm able to log in the server, access FTP but when I try to load the sites I get a timeout error (so my IP isn't blocked)

    I've upgraded centmin to latest beta version, restarted nginx, disable CSF and still the same.
    Any suggestions? The modifications stated on this thread were already applied to recent centmin versions so I don't have anything I could modify.

    Code:
    [22:37][root@xxx.members.linode.com centminmod]# /sbin/sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /etc/sysctl.d/101-sysctl.conf ...
fs.nr_open = 12000000
fs.file-max = 9000000
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.tcp_wmem = 8192 65536 16777216
net.core.netdev_max_backlog = 8192
net.core.somaxconn = 8151
net.core.optmem_max = 8192
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 240
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_max_tw_buckets = 1440000
vm.swappiness = 10
vm.min_free_kbytes = 65536
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_limit_output_bytes = 65536
net.ipv4.tcp_rfc1337 = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.netfilter.nf_conntrack_helper = 0
net.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_tcp_timeout_established = 28800
net.netfilter.nf_conntrack_generic_timeout = 60
net.ipv4.tcp_challenge_ack_limit = 999999999
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_base_mss = 1024
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/50-tcp_fastopen.conf ...
net.ipv4.tcp_fastopen = 3
* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
* Applying /etc/sysctl.conf ...
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
[22:37][root@li940-203.members.linode.com centminmod]# nano /etc/sysctl.d/101-sysctl.conf
[22:38][root@li940-203.members.linode.com centminmod]# /sbin/sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
* Applying /etc/sysctl.d/101-sysctl.conf ...
fs.nr_open = 12000000
fs.file-max = 9000000
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.tcp_wmem = 8192 65536 16777216
net.core.netdev_max_backlog = 8192
net.core.somaxconn = 8151
net.core.optmem_max = 8192
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_time = 240
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_max_tw_buckets = 1440000
vm.swappiness = 10
vm.min_free_kbytes = 65536
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_limit_output_bytes = 65536
net.ipv4.tcp_rfc1337 = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.netfilter.nf_conntrack_helper = 0
net.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_tcp_timeout_established = 28800
net.netfilter.nf_conntrack_generic_timeout = 60
net.ipv4.tcp_challenge_ack_limit = 999999999
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_base_mss = 1024
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/50-tcp_fastopen.conf ...
net.ipv4.tcp_fastopen = 3
* Applying /etc/sysctl.d/99-sysctl.conf ...
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
* Applying /etc/sysctl.conf ...
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
    I access my website by modifying Windows host file because this is a private site. It was loading yesterday but not today.
     
  8. Feb 25, 2018 #108
    elargento

    elargento Member

    348
    17
    18
    Jan 4, 2016
    Ratings:
    +43
    Local Time:
    6:51 PM
    10
    Iptables flush did the trick. How is it possible I was blocked by unix firewall but I was still able to log in SSH and FTP?
     
  9. Feb 25, 2018 #109
    eva2000

    eva2000 Administrator Staff Member

    46,013
    10,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,217
    Local Time:
    7:51 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Don't disable CSF Firewall doing so will block access as there's no rule to allow port 80/443 access once CSF Firewall is disabled.

    generally you should flush iptables directly as you can lock yourself out of the server with CSF Firewall installed.

    if you restart CSF Firewall
    Code (Text):
    csf -r

    without exiting existing SSH session, start and try to login to a new SSH session does it work ?
     
  10. Feb 25, 2018 #110
    elargento

    elargento Member

    348
    17
    18
    Jan 4, 2016
    Ratings:
    +43
    Local Time:
    6:51 PM
    10
    Actually CSF was disabled so it wasn't causing this issue. I just disabled it to check if it was guilty
     
Previous Thread Next Thread
Loading...
Page 6 of 6

.