Right, I tried to solve this on my own in the last 2-3 days, but it's a real mystery to me!
The problem:
The problem is that, for example, when you upload lots of files over FTP, let's say a Joomla package, the uploading of files will stop after a while and freeze. During this freeze time, the user is also unable to use mail, http,... services. In other words, he gets banned for some period of time.
I checked logs and everything that came to my mind and nothing! Nothing recorded about this anywhere! Just like nothing was happening.
How do I know it's APF causing this problem? If I turn OFF the APF firewall, there are absolutely NO problems at all.
Did I change something in the APF config? No. Well, dev mode is off and I added some ports that I need to be open. That's it.
Here's the config file, comments stripped.
Code:
#!/bin/sh
DEVEL_MODE="0"
INSTALL_PATH="/etc/apf"
IFACE_IN="eth0"
IFACE_OUT="eth0"
IFACE_TRUSTED=""
SET_VNET="0"
SET_MONOKERN="1"
VF_LGATE=""
VF_ROUTE="1"
VF_CROND="1"
VF_UTIME="0"
TCP_STOP="DROP"
UDP_STOP="DROP"
DSTOP="DROP"
PKT_SANITY="1"
PKT_SANITY_INV="0"
PKT_SANITY_FUDP="1"
PKT_SANITY_PZERO="1"
PKT_SANITY_STUFFED="0"
TOS_DEF_TOS="0"
TOS_DEF_RANGE="512:65535"
TOS_0=""
TOS_2=""
TOS_4=""
TOS_8=""
TOS_16=""
TCR_PASS="1"
TCR_PORTS="33434:33534"
ICMP_LIM="30/s"
RESV_DNS="1"
RESV_DNS_DROP="1"
BLK_P2P="1"
BLK_P2P_PORTS="1214,2323,4660_4678,6257,6699,6346,6347,6881_6889,6346,7778"
BLK_MCATNET="0"
BLK_PRVNET="0"
BLK_RESNET="0"
BLK_IDENT="0"
SYSCTL_CONNTRACK="34576"
SYSCTL_TCP="1"
SYSCTL_SYN="1"
SYSCTL_ROUTE="0"
SYSCTL_LOGMARTIANS="0"
SYSCTL_ECN="0"
SYSCTL_SYNCOOKIES="1"
SYSCTL_OVERFLOW="0"
CDPORTS="135_139,111,513,520,445,1433,1434,1234,1524,3127"
IG_TCP_CPORTS="21,22,25,53,80,443,110,143,2222,49152_65534"
IG_UDP_CPORTS="53"
IG_ICMP_TYPES="3,5,11,0,30,8"
EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,443,43"
EG_UDP_CPORTS="21,53"
EG_ICMP_TYPES="all"
EG_TCP_UID=""
EG_UDP_UID=""
EG_DROP_CMD="eggdrop psybnc bitchx BitchX init udp.pl"
USE_DS="0"
DS_URL="feeds.dshield.org/top10-2.txt" # block.txt url (no *://)
DS_URL_PROT="http" # protocol to use for wget
USE_RGT="0"
GA_URL="yourhost.com/glob_allow.rules" # glob_allow.rules url (no *://)
GA_URL_PROT="http" # protocol for use with wget
GD_URL="yourhost.com/glob_deny.rules" # glob_deny.rules url (no *://)
GD_URL_PROT="http" # protocol for use with wget
USE_RD="1"
RD_URL_PROT="http" # protocol to use for wget
RD_URL="r-fx.ca/downloads/reserved.networks" # reserved.networks url
USE_AD="0"
LOG_DROP="0"
LOG_LEVEL="crit"
LOG_TARGET="LOG"
LOG_IA="1"
LOG_LGATE="0"
LOG_EXT="0"
LOG_RATE="30"
LOG_APF="/var/log/apf_log"
CNFINT="$INSTALL_PATH/internals/internals.conf"
. $CNFINT
Oh, I'm using Debian.
Does anyone know what on earth is going on? I simply cannot find and solve what the problem is.