This segues to a bigger issue for me: a proftpd crisis.
Everything was humming along perfectly for about 6 months until this morning... my httpd stopped and failed to restart. I couldn't restart httpd, so I rebooted. No clues in various logs as to why it failed....except....
For some unknown reason, my hostname was reset to localhost after a reboot. I edited my /etc/host & /etc/sysconfig/network, reset my hostname, and did some checking in my Plesk 6 and RH 7 stuff....everything then was back to normal.....
....except proftpd. I can log in to the ftp server both from >ftp localhost and remotely, either using domain name or ip. I've got full control locally, but remotely I cannot ls, put, get, etc...I get timed-out errors.
That's when I thought it might be a firewall....and it is....I ran the iptables -f (my bad and thankfully you guys helped me reset with little agony). After a reboot and a kiss stop, my ftp server works remotely. But I still need my firewall.
Question: what would change in iptables after this 'crash' or what should I look for in iptables to make sure my proftpd accepts full connections through the firewall, without having to rebuild the firewall?
Note: I did modify my iptables by doing an iptables-save, then edited, and then did a cat FIREWALL | iptables-restore.
1. a kiss stop and start makes the firewall allow proftpd...but this kills my hacked-in paranoid firewall settings. I can always insert rules one-by-one, but what if the same problem reoccurs?
2. Your PassivePorts suggestion added to my proftpd.include and BINGO! it works with my added iptables rules...so I'm locked tight again with minimal effort....so......
eth00> A BIG MONDO THANKS!! as you saved me a lot of worry and time and I learned a little bit more!!
Now I need to figure out how this whole thing started....I'll check the logs more tomorrow and see if I can find anything. I also cross-posted to another admin forum and I'll report back if it seems helpful.
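The fix described in this post pairs a PassivePorts range with matching iptables rules. As an added example (not part of the original post), this Python sketch checks that every port in the PassivePorts range is accepted by the INPUT chain of an iptables-save dump. The config text, port range and rules are constructed samples; the check assumes a filter-table-only dump, does not model the FTP conntrack helper, and skips rules with options it does not understand.

```python
import re

# Constructed samples, not taken from the post.
PROFTPD_INCLUDE = "# proftpd.include\nPassivePorts 49152 49200\n"
RULES_TIGHT = """*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
"""
RULES_FIXED = RULES_TIGHT.replace(
    "COMMIT", "-A INPUT -p tcp -m tcp --dport 49152:49200 -j ACCEPT\nCOMMIT")

KNOWN = {"-p", "-m", "--dport", "--state", "-j"}  # options this sketch models

def passive_range(conf):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", conf, re.M | re.I)
    return (int(m.group(1)), int(m.group(2))) if m else None

def verdict(dump, port):
    """First-match verdict of INPUT for a NEW TCP connection to `port`.
    Assumes `dump` holds only the filter table (iptables-save -t filter)."""
    policy = "ACCEPT"  # kernel default when the dump has no policy line
    for line in dump.splitlines():
        tok = line.split()
        if line.startswith(":INPUT"):
            policy = tok[1]
        if tok[:2] != ["-A", "INPUT"] or "!" in tok or len(tok) % 2:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - KNOWN or opts.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue  # rule uses something not modelled here: skip it
        if opts.get("-p", "tcp") not in ("tcp", "all"):
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue  # passive data connections arrive as NEW without a helper
        if "--dport" in opts:
            lo, _, hi = opts["--dport"].partition(":")
            if not int(lo) <= port <= int(hi or lo):
                continue
        return opts["-j"]
    return policy

def blocked_passive_ports(conf, dump):
    """Ports in the PassivePorts range that the firewall would not accept."""
    rng = passive_range(conf)
    if rng is None:
        raise ValueError("no PassivePorts directive found")
    return [p for p in range(rng[0], rng[1] + 1) if verdict(dump, p) != "ACCEPT"]
```

Running `blocked_passive_ports` against the saved rules file after each edit and before `iptables-restore` shows whether the passive range is still reachable; an empty list means every passive port is accepted.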