Hi, I think I found a bug around DestinationMinPort/DestinationMaxPort. In my configuration (standalone or inetd doesn't matter) I've set the following values:

DestinationMinPort 42900
DestinationMaxPort 42999

The ftp server is proftpd on the same host as the ftp-proxy. One example session:
----------------------------------------------------------------
116 % ftp ftp.mosaic-enet.com
Connected to ftp.mosaic-enet.com.
220 mosaic04 FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.
Name (ftp.mosaic-enet.com:wba): wba
331 Password required for wba.
Password:
530 Login incorrect.
ftp: Login failed.
ftp> user
(username) bla
421 Service not available, remote server has closed connection.
Login failed.
ftp> quit
[ mosaic99, wba, /home/wba/test ]
117 % ftp ftp.mosaic-enet.com
Connected to ftp.mosaic-enet.com.
220 mosaic04 FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.
Name (ftp.mosaic-enet.com:wba): wba
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp: No control connection for command.
ftp>
<<<----------------------------------------------------------------
The proxy connected to the ftp server, after the "Login failed", the ftp
server closes the connection. Due to the tcp implementation, there is a
connection from proxy, port 42000 to the ftp server, one or two minutes in
the state TIME_WAIT. A second try gives an error 99 (I don't mention the
error messages).
Same with two parallel connections to the proxy: first login works fine,
but as long as the first login is active, no further connection to the ftp
service is possible (same error message).
I disabled the DestinationMin/MaxPort, so the ftp-proxy can use every
non-privileged port, and all works fine. Maybe this is a problem in selecting
a source port for the proxy->server connection, if the first port in the
range is in use.
My configuration:
tested with fwproxy-1.7tp5-0, fwproxy-1.7-39
tested in standalone and inetd mode
proxy binds to port 21, server on the same host to port 1089 or port 1090.
I've set all Min/MaxPort values as in the example configuration.
The server is running two parallel proxies (both on port 21, but 2
different ip addresses on the same network interface). Proftpd is
configured with 3 virtual ftp servers, 2 for work with the proxies, one for
direct connection. The two virtual ftp servers bind to 127.0.0.1
(different ports), and are not reachable from outside the server.
wob
--
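
Added example, not part of the original post and not ftp-proxy's own code: one way a proxy can choose a source port inside a DestinationMinPort/DestinationMaxPort window, moving to the next port when one is held by a live connection or sits in TIME_WAIT instead of failing on the first. The function names, the loopback listener, and reading the post's "error 99" as Linux errno 99 (EADDRNOTAVAIL) are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not ftp-proxy code): connect to dst from a source port
 * in [min_port, max_port], skipping ports that are busy or in TIME_WAIT. */
int connect_from_range(const struct sockaddr_in *dst, int min_port,
                       int max_port, int *chosen)
{
    int err = EADDRINUSE;
    for (int port = min_port; port <= max_port; port++) {
        struct sockaddr_in src = { .sin_family = AF_INET,
                                   .sin_port = htons((unsigned short)port) };
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0)
            return -1;
        if (bind(fd, (struct sockaddr *)&src, sizeof src) == 0 &&
            connect(fd, (const struct sockaddr *)dst, sizeof *dst) == 0) {
            *chosen = port;
            return fd;
        }
        err = errno;   /* assumption: the post's "error 99" is EADDRNOTAVAIL */
        close(fd);
        if (err != EADDRINUSE && err != EADDRNOTAVAIL)
            break;     /* a real failure: report it instead of scanning on */
    }
    errno = err;
    return -1;
}

int open_listener(struct sockaddr_in *addr) /* demo fixture on 127.0.0.1 */
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *addr = (struct sockaddr_in){ .sin_family = AF_INET };
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd < 0 || bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 8) < 0)
        return -1;
    return getsockname(fd, (struct sockaddr *)addr, &len) < 0 ? -1 : fd;
}

int main(void)
{
    struct sockaddr_in dst;
    int p1 = 0, p2 = 0, ok = open_listener(&dst) >= 0;
    ok = ok && connect_from_range(&dst, 42900, 42999, &p1) >= 0;
    ok = ok && connect_from_range(&dst, 42900, 42999, &p2) >= 0; /* first still open */
    printf("source ports: %d then %d\n", p1, p2);
    return !ok;
}
```

With a window of a single port, the second call returns -1 with EADDRINUSE while the first connection is open, which matches the symptom of two parallel logins described above.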