IP getting blocked even though it is explicitly allowed

Posted: 17 Apr 2014, 15:42
by sozotech
The IPs have been changed to dummy IPs, but what I have going on is the following.

I have a cPanel server 10.10.10.10 and a web site builder server at 9.9.9.9. The site builder software compiles the web site on 9.9.9.9 and then FTPs it to 10.10.10.10. I have explicitly allowed 9.9.9.9 via "csf -a 9.9.9.9" on the cPanel server. However, I noticed when publishing that some of the FTP activity works but some does not, and I see the following kernel messages on the console.

kernel:nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=10.10.10.10 DST=9.9.9.9 LEN=101 TOS=0x10 PREC=0x00 TTL=64 ID=52638 DF PROTO=TCP SPT=21 DPT=58747 SEQ=2112044115 ACK=3388217755 WINDOW=114 RES=0x00 ACK PSH URGP=0 OPT (0101080A175E46BC0A11B139) UID=0 GID=0

kernel: nf_ct_ftp: dropping packetIN= OUT=eth0 SRC=10.10.10.10 DST=9.9.9.9 LEN=101 TOS=0x10 PREC=0x00 TTL=64 ID=52638 DF PROTO=TCP SPT=21 DPT=58747 SEQ=2112044115 ACK=3388217755 WINDOW=114 RES=0x00 ACK PSH URGP=0 OPT (0101080A175E46BC0A11B139) UID=0 GID=0

In the /etc/csf/csf.conf, FTP failure monitoring is turned off.

LF_FTPD = "0"
LF_DISTFTP = "0"

Can anyone explain why these packets are getting dropped when the IP in question is explicitly allowed, and how to fix it?

Thanks,
Eric

Re: IP getting blocked even though it is explicitly allowed

Posted: 17 Apr 2014, 15:54
by ForumAdmin

Re: IP getting blocked even though it is explicitly allowed

Posted: 17 Apr 2014, 16:11
by sozotech
Thanks for the link. I am not so much interested in turning off the kernel messages as I am not blocking the outbound FTP. I realize this is not specifically a CSF issue, but any idea on how to keep this traffic from getting blocked?

Eric