Hi,

I think I found a bug around DestinationMinPort/DestinationMaxPort. In my configuration (standalone or inetd doesn't matter) I've set the following values:

DestinationMinPort 42900
DestinationMaxPort 42999

The ftp server is proftpd on the same host as the ftp-proxy. One example session:
----------------------------------------------------------------
116 % ftp ftp.mosaic-enet.com
Connected to ftp.mosaic-enet.com.
220 mosaic04 FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.
Name (ftp.mosaic-enet.com:wba): wba
331 Password required for wba.
Password:
530 Login incorrect.
ftp: Login failed.
ftp> user
(username) bla
421 Service not available, remote server has closed connection.
Login failed.
ftp> quit
[ mosaic99, wba, /home/wba/test ]
117 % ftp ftp.mosaic-enet.com
Connected to ftp.mosaic-enet.com.
220 mosaic04 FTP server (Version 1.7 - 1999/10/22 09:22:47) ready.
Name (ftp.mosaic-enet.com:wba): wba
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp: No control connection for command.
ftp> <<<----------------------------------------------------------------
The proxy connected to the ftp server, after the "Login failed", the ftp
server closes the connection. Due to the tcp implementation, there is a
connection from proxy, port 42000 to the ftp server, one or two minutes in
the state TIME_WAIT. A second try gives an error 99 (I don't mention the
error messages).
Same with two parallel connections to the proxy: first login works fine,
but as long as the first login is active, no further connection to the ftp
service is possible (same error message).
I disabled the DestinationMin/MaxPort, so the ftp-proxy can use every
non-privileged port, and all works fine. Maybe this is a problem in selecting
a source port for the proxy->server connection, if the first port in the
range is in use.
My configuration:
tested with fwproxy-1.7tp5-0, fwproxy-1.7-39
tested in standalone and inetd mode
proxy binds to port 21, server on the same host to port 1089 or port 1090.
I've set all Min/MaxPort values as in the example configuration.
The server is running two parallel proxies (both on port 21, but 2
different ip addresses on the same network interface). Proftpd is
configured with 3 virtual ftp servers, 2 for work with the proxies, one for
direct connection. The two virtual ftp servers bind to 127.0.0.1
(different ports), and are not reachable from outside the server.
wob
--
On Tue, Nov 21, 2000 at 06:52:33PM +0100, Wolfgang Barth wrote:
> Hi,

Hi!

> I think I found a bug around DestinationMinPort/DestinationMaxPort.

Yes, there is a bug. I'll try to fix it if I have some time to do this. Thank you for your report!

> The proxy connected to the ftp server, after the "Login failed", the ftp server closes the connection. Due to the tcp implementation, there is a connection from proxy, port 42000 to the ftp server, one or two minutes in the state TIME_WAIT. A second try gives an error 99 (I don't mention the error messages).
>
> Same with two parallel connections to the proxy: first login works fine, but as long as the first login is active, no further connection to the ftp service is possible (same error message).
>
> I disabled the DestinationMin/MaxPort, so the ftp-proxy can use every non-privileged port, and all works fine. Maybe this is a problem in selecting a source port for the proxy->server connection, if the first port in the range is in use.

Yes, that is the reason (at the end of cmds_user in ftp-proxy/ftp-cmds.c).

Regards,
Marius Tomaschewski
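
An added example, not part of the original thread and not taken from the ftp-proxy source: one way to pick the source port for the proxy->server connection so that a busy first port in the DestinationMinPort..DestinationMaxPort range does not fail the whole connection. `connect_from_range` is a hypothetical name; the range, the loopback address and port 1089 in `main` are the values from the report.

```c
/* Added example, not ftp-proxy code: connect from a source port inside
 * [min_port, max_port], moving to the next port when one is unusable. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns a connected socket, or -1 with errno set when every port in the
 * range is busy or an error unrelated to the source port occurs. */
int connect_from_range(const struct sockaddr_in *dst,
                       int min_port, int max_port)
{
    for (int port = min_port; port <= max_port && port <= 65535; port++) {
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) return -1;
        /* sin_addr stays zero (INADDR_ANY); only the port is pinned. */
        struct sockaddr_in src = { .sin_family = AF_INET,
                                   .sin_port = htons((unsigned short)port) };
        if (bind(fd, (struct sockaddr *)&src, sizeof(src)) == 0 &&
            connect(fd, (const struct sockaddr *)dst, sizeof(*dst)) == 0)
            return fd;                       /* this port worked */
        int err = errno;                     /* save before close() */
        close(fd);
        /* EADDRINUSE / EADDRNOTAVAIL: this source port cannot be used now,
         * so try the next one. Anything else (e.g. ECONNREFUSED) is not a
         * port problem and is reported to the caller. */
        if (err != EADDRINUSE && err != EADDRNOTAVAIL) {
            errno = err;
            return -1;
        }
    }
    errno = EADDRINUSE;                      /* whole range exhausted */
    return -1;
}

/* Demo: port range and server address as given in the report. */
int main(void)
{
    struct sockaddr_in dst = { .sin_family = AF_INET,
                               .sin_port = htons(1089) };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = connect_from_range(&dst, 42900, 42999);
    if (fd < 0) { perror("connect_from_range"); return 1; }
    printf("connected\n");
    close(fd);
    return 0;
}
```

A port still held by another socket fails at `bind()` or `connect()` depending on socket options and platform, which is why both calls sit inside the retry loop.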