I have been pulling out what is left of my hair (not much) for the past week. My situation is: FTP1 eth0:1=IP1 | Internet -------------[ firewall ]----intranet eth0:2=IP2 | FTP2 I have to FTP servers that need to see the outside world... they are bound to IP1 and IP2. I have Suse 6.2 running on the box, with ipchains and ipmasqadm. I am also using ip aliases. Now my problems: I was running ftp-proxy for FTP1, and when two or more people tried to download a big file, it would just hang. This problem was solved by the Port patch from Letter 24 (by Volker?). THANKS !!!! My second problem is that if I try to run two ftp-proxys, people can't download anything. I know in the documentation it says not to run two proxies on the same port. Does that apply in this case? In the .conf files I list the different connecting address for the server. Hurley Braden
On Mon, 24 Jan 2000, Hurley Braden wrote:
I have been pulling out what is left of my hair (not much) for the past week.
Oh dear! Don't.
My situation is: FTP1 eth0:1=IP1 | Internet -------------[ firewall ]----intranet eth0:2=IP2 | FTP2
Understood.
I have to FTP servers that need to see the outside world... they are bound to IP1 and IP2. I have Suse 6.2 running on the box, with ipchains and ipmasqadm. I am also using ip aliases.
Okay.
Now my problems: I was running ftp-proxy for FTP1, and when two or more people tried to download a big file, it would just hang. This problem was solved by the Port patch from Letter 24 (by Volker?). THANKS !!!!
What is "Letter 24"? Can you bounce me the mail that helped you? Just to make sure we are in sync.
My second problem is that if I try to run two ftp-proxys, people can't download anything. I know in the documentation it says not to run two proxies on the same port. Does that apply in this case? In the .conf files I list the different connecting address for the server.
If you are running two different servers with two different .conf files, and these .conf files point to different IP-Addr/Port pairs, then there should be nothing wrong with the setup. Can you provide some debug or syslog output? I'm here to help. [But maybe not tonight, certainly tomorrow morning German time] :-)
Hurley Braden
Volker -- Volker Wiegand Phone: +49 (0) 6196 / 50951-24 SuSE Rhein/Main AG Fax: +49 (0) 6196 / 40 96 07 Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76 D-65760 Eschborn E-Mail: Volker.Wiegand@suse.de ++ Only users lose drugs. Or was it the other way round? ++
On Mon, 24 Jan 2000, Volker Wiegand wrote:
On Mon, 24 Jan 2000, Hurley Braden wrote:
blah blah blah
What is "Letter 24"? Can you bounce me the mail that helped you? Just to make sure we are in sync.
My second problem is that if I try to run two ftp-proxys, people can't download > > anything. I know in the documentation it says not to run two
The patch (in Letter 24) I was refering to is the "SO_REUSEADDR bug in FTP-Proxy" letter which is article 23 in the mailing list. proxies on the > > same port. Does that apply in this case? In the .conf files I list the > > different connecting address for the server.
If you are running two different servers with two different .conf files, and these .conf files point to different IP-Addr/Port pairs, then there should be nothing wrong with the setup. Can you provide some debug or syslog output? I'm here to help. [But maybe not tonight, certainly tomorrow morning German time] :-)
Hurley Braden Volker
After some further testing I don't think it has anything to do with the fact that I am trying to run two different servers. I think I may have a problem running proxy in standalone. Here is a lot more info than you are going to want The error that I am getting -> ftp ftp.icemcfd.com Name : ftp Passwd : my email address ftp> cd pub/4.0/Patches/4.0.7_beta ftp> bin ftp> get sgi407.tar.gz 200 PORT command successful. 150 Opening BINARY mode data connection for sgi407.tgz (109753756 bytes). 421 Service not available, remote server has closed connection 6049744 bytes received in 819.22 seconds (7.21 Kbytes/s) ftp> It seems to happen if I try to log into ftp again (maybe something to do with spawning a deamon ?) I ran ftp-proxy in stand alone with -v 4 switch... snippets of the data are at end of the letter. ----------------------------------------------- compile flags: ./configure --enable-debug --with-regex --enable-so-linger ----------------------------------------------- The way I was running when it didn't work: ./ftp-proxy -d -f ../etc/ftp-proxy.conf ./ftp-proxy -d -f ../etc/ftp-proxy_flash.conf ----------------------------------------------- It works when I run it via inetd. inetd.conf: tp stream tcp nowait root /usr/local/proxy-suite/sbin/ftp-proxy -i -f /usr/local/proxy-suite/etc/ftp-proxy.conf ------------------------------------------------ ftp-proxy.conf - [-Global-] DestinationAddress 10.0.0.2 DestinationTransferMode client Listen 216.15.95.2 ServerType inetd TCPWrapper yes TimeOut 7200 ----------------------------------------------- ftp-proxy_flash.conf - [-Global-] DestinationAddress 10.0.0.3 DestinationTransferMode client Listen 216.15.95.3 ServerType inetd TCPWrapper yes ------------------------------------------------ eth0 - 216.15.95.4 eth0:1 - 216.15.95.2 .... ftp server 10.0.0.2 eth0:2 - 216.15.95.3 .... ftp server 10.0.0.3 ------------------------------------------------ A lot of data ---- 09:46:10 <11838> ############# ftp-proxy startup ############# 09:46:10 <11838> TECH-INF Config-File: '../etc/ftp-proxy.conf' 09:46:10 <11838> alloc 12 (com-config.c:272): 0x805f5b8 09:46:10 <11838> config_line: '[-Global-]' 09:46:10 <11838> config_line: 'DestinationAddress 10.0.0.2' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f5c8 09:46:10 <11838> alloc 19 (com-config.c:374): 0x805f5d8 09:46:10 <11838> alloc 9 (com-config.c:375): 0x805f5f0 09:46:10 <11838> config_line: 'DestinationTransferMode client' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f600 09:46:10 <11838> alloc 24 (com-config.c:374): 0x805f610 09:46:10 <11838> alloc 7 (com-config.c:375): 0x805f630 09:46:10 <11838> config_line: 'Listen 216.15.95.2' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f640 09:46:10 <11838> alloc 7 (com-config.c:374): 0x805f650 09:46:10 <11838> alloc 12 (com-config.c:375): 0x805f670 09:46:10 <11838> config_line: 'ServerType inetd' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f680 09:46:10 <11838> alloc 11 (com-config.c:374): 0x805f690 09:46:10 <11838> alloc 6 (com-config.c:375): 0x805f6a0 09:46:10 <11838> config_line: 'TCPWrapper yes' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f6b0 09:46:10 <11838> alloc 11 (com-config.c:374): 0x805f6c0 09:46:10 <11838> alloc 4 (com-config.c:375): 0x805f6d0 09:46:10 <11838> config_line: 'TimeOut 7200 ' 09:46:10 <11838> alloc 12 (com-config.c:373): 0x805f6e0 09:46:10 <11838> alloc 8 (com-config.c:374): 0x805f6f0 09:46:10 <11838> alloc 5 (com-config.c:375): 0x805f700 09:46:10 <11838> TECH-INF Config-Section ------ '(-global-)' 09:46:10 <11838> TECH-INF Config: DestinationAddress = '10.0.0.2' 09:46:10 <11838> TECH-INF Config: DestinationTransferMode = 'client' 09:46:10 <11838> TECH-INF Config: Listen = '216.15.95.2' 09:46:10 <11838> TECH-INF Config: ServerType = 'inetd' 09:46:10 <11838> TECH-INF Config: TCPWrapper = 'yes' 09:46:10 <11838> TECH-INF Config: TimeOut = '7200' 09:46:10 <11838> config_str: s='(nil)' n='LogDestination' d='(nil)' 09:46:10 <11838> config_str: s='(nil)' n='DestinationAddress' d='(nil)' 09:46:10 <11838> config_str: result='10.0.0.2' 09:46:10 <11838> {{{{{ ftp-proxy daemon-start 09:46:10 <11839> fork: PID 11838 --> 11839 09:46:10 <11839> config_addr: s='(nil)' n='Listen' d='0.0.0.0' 09:46:10 <11839> str2addr: in='216.15.95.2' 09:46:10 <11839> config_addr: result='216.15.95.2' 09:46:10 <11839> config_port: s='(nil)' n='Port' d=21 09:46:10 <11839> about to listen: 216.15.95.2:21 09:46:10 <11839> uid-gid desired: uid=-1 gid=-1 09:46:10 <11839> config_gid: s='(nil)' n='Group' d=0 09:46:10 <11839> config_uid: s='(nil)' n='User' d=0 09:46:10 <11839> uid-gid adopted: uid=0 gid=0 09:46:10 <11839> config_str: s='(nil)' n='PidFile' d='(nil)' 09:46:20 <11840> ############# ftp-proxy startup ############# 09:46:20 <11840> TECH-INF Config-File: '../etc/ftp-proxy_flash.conf' 09:46:20 <11840> alloc 12 (com-config.c:272): 0x805f5b8 09:46:20 <11840> config_line: '[-Global-]' 09:46:20 <11840> config_line: 'DestinationAddress 10.0.0.3' 09:46:20 <11840> alloc 12 (com-config.c:373): 0x805f5c8 09:46:20 <11840> alloc 19 (com-config.c:374): 0x805f5d8 09:46:20 <11840> alloc 9 (com-config.c:375): 0x805f5f0 09:46:20 <11840> config_line: 'DestinationTransferMode client' 09:46:20 <11840> alloc 12 (com-config.c:373): 0x805f600 09:46:20 <11840> alloc 24 (com-config.c:374): 0x805f610 09:46:20 <11840> alloc 7 (com-config.c:375): 0x805f630 09:46:20 <11840> config_line: 'Listen 216.15.95.3' 09:46:20 <11840> alloc 12 (com-config.c:373): 0x805f640 09:46:20 <11840> alloc 7 (com-config.c:374): 0x805f650 09:46:20 <11840> alloc 12 (com-config.c:375): 0x805f670 09:46:20 <11840> config_line: 'ServerType inetd' 09:46:20 <11840> alloc 12 (com-config.c:373): 0x805f680 09:46:20 <11840> alloc 11 (com-config.c:374): 0x805f690 09:46:20 <11840> alloc 6 (com-config.c:375): 0x805f6a0 09:46:20 <11840> config_line: 'TCPWrapper yes' 09:46:20 <11840> alloc 12 (com-config.c:373): 0x805f6b0 09:46:20 <11840> alloc 11 (com-config.c:374): 0x805f6c0 09:46:20 <11840> alloc 4 (com-config.c:375): 0x805f6d0 09:46:20 <11840> TECH-INF Config-Section ------ '(-global-)' 09:46:20 <11840> TECH-INF Config: DestinationAddress = '10.0.0.3' 09:46:20 <11840> TECH-INF Config: DestinationTransferMode = 'client' 09:46:20 <11840> TECH-INF Config: Listen = '216.15.95.3' 09:46:20 <11840> TECH-INF Config: ServerType = 'inetd' 09:46:20 <11840> TECH-INF Config: TCPWrapper = 'yes' 09:46:20 <11840> config_str: s='(nil)' n='LogDestination' d='(nil)' 09:46:20 <11840> config_str: s='(nil)' n='DestinationAddress' d='(nil)' 09:46:20 <11840> config_str: result='10.0.0.3' 09:46:20 <11840> {{{{{ ftp-proxy daemon-start 09:46:20 <11841> fork: PID 11840 --> 11841 09:46:20 <11841> config_addr: s='(nil)' n='Listen' d='0.0.0.0' 09:46:20 <11841> str2addr: in='216.15.95.3' 09:46:20 <11841> config_addr: result='216.15.95.3' 09:46:20 <11841> config_port: s='(nil)' n='Port' d=21 09:46:20 <11841> about to listen: 216.15.95.3:21 09:46:20 <11841> uid-gid desired: uid=-1 gid=-1 09:46:20 <11841> config_gid: s='(nil)' n='Group' d=0 09:46:20 <11841> config_uid: s='(nil)' n='User' d=0 09:46:20 <11841> uid-gid adopted: uid=0 gid=0 09:46:20 <11841> config_str: s='(nil)' n='PidFile' d='(nil)' 09:47:06 <11839> accepted 4=63.194.132.101 09:47:06 <11839> config_int: s='(nil)' n='ForkLimit' d=40 09:47:06 <11839> config_int: s='(nil)' n='MaxClients' d=512 09:47:06 <11839> client pid=11845 (63.194.132.101) added 09:47:06 <11845> {{{{{ ftp-child client-fork 09:47:06 <11845> config_int: s='(nil)' n='TimeOut' d=900 09:47:06 <11845> config_int: result=7200 09:47:06 <11845> config_str: s='(nil)' n='DenyMessage' d='(nil)' 09:47:06 <11845> alloc 68 (com-socket.c:327): 0x805f4d8 09:47:06 <11845> created HLS for 0=63.194.132.101:2290 09:47:06 <11845> USER-INF connect from 63.194.132.101 09:47:06 <11845> config_str: s='(nil)' n='WelcomeString' d='(nil)' 09:47:06 <11845> config_str: s='(nil)' n='WelcomeMessage' d='(nil)' 09:47:06 <11845> printf Cli-Ctrl 0=63.194.132.101: 66 bytes '220 ascend FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.' 09:47:06 <11845> alloc 90 (com-socket.c:688): 0x805f520 09:47:06 <11845> config_str: s='(nil)' n='ServerRoot' d='(nil)' 09:47:06 <11845> FD_SET Cli-Ctrl for W 09:47:06 <11845> FD_SET Cli-Ctrl for R 09:47:06 <11845> free 0x805f520 (com-socket.c:1046) ... ... 09:49:41 <11845> free 0x805f6e0 (com-config.c:127) 09:49:41 <11845> free 0x805f5b8 (com-config.c:131) 09:49:41 <11845> ------------- ftp-child exiting ------------- 09:49:41 <11839> client pid=11845 (63.194.132.101) gone ... ... 09:50:25 <11854> free 0x805f5b8 (com-config.c:131) 09:50:25 <11854> ------------- ftp-child exiting ------------- 09:50:25 <11839> client pid=11854 (193.150.150.3) gone 09:50:26 <11839> accepted 4=193.150.150.3 09:50:26 <11839> config_int: s='(nil)' n='ForkLimit' d=40 09:50:26 <11839> config_int: s='(nil)' n='MaxClients' d=512 09:50:26 <11839> client pid=11856 (193.150.150.3) added 09:50:26 <11856> {{{{{ ftp-child client-fork 09:50:26 <11856> config_int: s='(nil)' n='TimeOut' d=900 09:50:26 <11856> config_int: result=7200 09:50:26 <11856> config_str: s='(nil)' n='DenyMessage' d='(nil)' 09:50:26 <11856> alloc 68 (com-socket.c:327): 0x805f4d8 09:50:26 <11856> created HLS for 0=193.150.150.3:42075 09:50:26 <11856> USER-INF connect from 193.150.150.3 09:50:26 <11856> config_str: s='(nil)' n='WelcomeString' d='(nil)' 09:50:26 <11856> config_str: s='(nil)' n='WelcomeMessage' d='(nil)' 09:50:26 <11856> printf Cli-Ctrl 0=193.150.150.3: 66 bytes '220 ascend FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.' 09:50:26 <11856> alloc 90 (com-socket.c:688): 0x805f520 09:50:26 <11856> config_str: s='(nil)' n='ServerRoot' d='(nil)' 09:50:26 <11856> FD_SET Cli-Ctrl for W 09:50:26 <11856> FD_SET Cli-Ctrl for R 09:50:26 <11856> free 0x805f520 (com-socket.c:1046)
Hurley, my best guess at this point is the firewall penetration. Have you tried to change the active/passive configuration (DestinationTransferMode)? This might be a case of packet dropping for the Data connection. What puzzles me nevertheless is the statistics. This might indicate a timeout problem? Do you see the same trouble with smaller files? Your compilation and configuration look absolutely fine to me. Volker -- Volker Wiegand Phone: +49 (0) 6196 / 50951-24 SuSE Rhein/Main AG Fax: +49 (0) 6196 / 40 96 07 Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76 D-65760 Eschborn E-Mail: Volker.Wiegand@suse.de ++ Only users lose drugs. Or was it the other way round? ++
participants (2)
-
Hurley Braden
-
Volker Wiegand