Friends: The days 5 and 7 of this month, I sent them two mail requesting suggestions about problems that I had (I have) using ftp. Up to now nobody has answered me except for Marc Heuse in private mail. I appeal you since the answer of Marc again (to change the kernel, use at the moment the 2.4.4) he has still left me more doubts. It should have a 'pacific solution' for this problem, that is to say that doesn't commit the costs and working hours of the company. I trust them in that alone precise an orientation, for where to begin to solve the problem, I don't specify magic solutions, these don't exist. The scenario is this: a server Linux with one ADSL 128/256 kb lines in a router Cisco 777, in eth0 it is the net of the company with 45 users using Internet and electronic mail; in eth1 the router mentioned up. The server has the SuSEfirewall2-2.1 and SuSE 7.2, allowing the members of the net to consent to the mentioned services. The company has hired a server ftp (ftp.thecompany.com.ar) with the phone company of our area (Telecom). In the area of systems, two people specify to make ftp to that server and to send for the same way information to the branches that are in other towns; the software that they use in you scheme them client it is the Windows Commander and CuteFTPpro. Now then, either that they use the passive or active mode to make ftp, the server Linux freezes, totally frozen; and it is necessary to restart the server. It doesn't always happen, and it is not known which are the conditions of the server in the moment of the freezing. I cannot have solved the problem for 2 months, I have proven almost everything, from different configurations of the SuSEfirewall2-2.1 until the update of the iptables (1.2.1 at 1.2.2), but anything works. In the inetd.conf has active the Proftpd, although I am not very sure that it is relevant. Now, from D.O.S. in a machine client I use ftp and works well, very well; and Linux doesn't freeze. During the hours of more work, that is to say, all the clients using Internet and mail, it is when more 'hang'; up to four times during the morning. But in the afternoon it diminishes a lot the frequency of the freezing, until any 'hang' in hours of the night. But or less this is what happens, I wait to have explained the problem well. Some help or orientation?. Thanks folks (folks, no list) Ernesto
OK, one idea. Should it be, that there is some strange loop in there firewall rulez. If it's possible, maybe at night, shut down the firewall and try to get it run only with ip-forwarding - than you know, that ip-filter is not your problem. If it, the only thing you've to do, is to define some custom rules and to follow its way through routing/forwarding|nat/filtering. Yours Michael Appeldorn
Ok Michael, in the night I will prove what you say; for a better analysis, would it be better than you saw the rules of the SuSEfirewall? Thanks for your orientation Ernesto
-----Mensaje original----- De: Michael Appeldorn [mailto:appeldorn@codixx.de] Enviado el: lunes 18 de febrero de 2002 10:04 Para: Suse Security; Grupo Dignitas Asunto: Re: [suse-security] Ftp & more problems
OK, one idea. Should it be, that there is some strange loop in there firewall rulez.
If it's possible, maybe at night, shut down the firewall and try to get it run only with ip-forwarding - than you know, that ip-filter is not your problem.
If it, the only thing you've to do, is to define some custom rules and to follow its way through routing/forwarding|nat/filtering.
Yours
Michael Appeldorn
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Dear Ernesto Is it possible that the CuteFTPpro program in Windows might be to blame? I ask this because CuteFTP (I don't know about CuteFTPPro) is *adware*. When you install it, it puts a file called ADVERT.DLL somewhere in the \Windows directory (probably \WINDOWS\SYSTEM). This file _tracks the user's surfing habits_ (!!!) and periodically sends details of the sites that the user has visited to a server which is run by or on behalf of an Internet advertising agency called Radiate (previously called Aureate). Radiate use the information about the surfing preferences of various IP addresses to work out the sort of Internet adverts that the user is likely to be interested in and sells it on to the companies who subscribe to them. A real invasion of privacy, IMHO. I don't have any details about which IP ports are involved, but it is quite possible that something it does could be upsetting your firewall. This would also explain why you don't have problems with FTP in DOS. Note also: There are many other "free" or "demo" programs which install the ADVERT.DLL file. Also, this file is NOT removed (or certainly not always) when you uninstall the free/demo program!! I would check your Windows clients to see if there are copies of ADVERT.DLL anywhere. The file has been shown to cause Internet browser crashes, lockups and similar odd behaviour on Windows clients as well. Removing it may well cause CuteFTPpro to stop working so you may need to switch to another client, but it has to be better than what you have been going through for the last couple of months. Who knows - this may be the answer. Good success, anyway. Mark Dalley KiwiData Limited Tel: +44 1823 259748 Mbl: +44 7970 885808 ---- Grupo Dignitas wrote:
Friends: The days 5 and 7 of this month, I sent them two mail requesting suggestions about problems that I had (I have) using ftp... ... ... The company has hired a server ftp (ftp.thecompany.com.ar) with the phone company of our area (Telecom). In the area of systems, two people specify to make ftp to that server and to send for the same way information to the branches that are in other towns; the software that they use in you scheme them client it is the Windows Commander and CuteFTPpro. Now then, either that they use the passive or active mode to make ftp, the server Linux freezes, totally frozen; and it is necessary to restart the server. It doesn't always happen, and it is not known which are the conditions of the server in the moment of the freezing. I cannot have solved the problem for 2 months, I have proven almost everything, from different configurations of the SuSEfirewall2-2.1 until the update of the iptables (1.2.1 at 1.2.2), but anything works. In the inetd.conf has active the Proftpd, although I am not very sure that it is relevant. Now, from D.O.S. in a machine client I use ftp and works well, very well; and Linux doesn't freeze. During the hours of more work, that is to say, all the clients using Internet and mail, it is when more 'hang'; up to four times during the morning. But in the afternoon it diminishes a lot the frequency of the freezing, until any 'hang' in hours of the night. But or less this is what happens, I wait to have explained the problem well. Some help or orientation?.
Thanks folks (folks, no list)
Ernesto
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
--
Ernesto, with a Linux server running SuSE 7.2, a 2.4.x kernel and pppoe, I experienced EXACTLY the same problem; total (and reproduceable) server hangs after specific actions of some users and an overall unstable machine behaviour. A real pain in the ass. I nearly dissected the whole machine, configured extensive logging, traced the kernel back and forth, and finally came to the conclusion that pre2.4.10 kernels and pppoe, together with certain user requests on the network level, aren't a very good combination. IMO, the older, buggy 2.4.x kernels should not be used on production systems, they have some more or less serious flaws in diverse sub systems, such as the IP stack; the lowest 2.4.x kernel version I'd dare to use would be 2.4.14. Go figure. After changing the kernel to 2.2.20, kicking SuSE's pppoe/pppox implementation and a manual configuration of Roaring Penguin's pppoe ( http://www.roaringpenguin.com/pppoe/ ), the problem silently went away. The system now runs smoothly, without any hangs or crashes. Perhaps this helps. Boris <bolo@lupa.de> ---
Well friends: I will try to explain the steps that I made (incorporating the three ideas that arose, those of Michael Appeldorn, Mark Dalley and Boris Lorenz). There is not any file in the clients called ADVERT.DLL. I have proven using a client ftp free called CoffeCup (I believe that is your name, I don't remember well), with the same problem, Linux freezes; it doesn't care if I use passive or active mode. During the night it disables the firewall, and just leaves the masquerading options (using iptables and the example that it is in the header of the file firewall.rc.config); regrettably I obtained the same result, Linux continues freezing with petitions ftp. I admit that the option of using the kernel 2.2.20, disable pppoe/pppox and to install Roaring Penguin pppoe didn't prove it, since alone I can make it during the weekend; this company prefers to make it during the hours of less work (Saturdays and Sundays they also work). Now then, the boys of systems made two things while it was me out, they installed a memory monitor of the KDE and they entered to the system like a normal user, all the previous tests were made as root. And these two things happened: 1) the freezing percentages lowered until almost anything, with the exception of the ftp, that continues generating problems, 2) when linux freezes -for example, using a petition ftp - the memory monitor of the KDE goes diminishing the free memory until leaving it in 0 (zero), then linux freezes completely. Every time I am more confused, it should surely have several problems, I don't unite alone. And now I believe that the kernel 2.4.4 under certain conditions are unstable. I believe that it should no longer have a 'pacific solution' for this problem. I expect their help, and also understanding. Ernesto
-----Mensaje original----- De: Grupo Dignitas [mailto:gdignitas@gamma.com.ar] Enviado el: lunes 18 de febrero de 2002 9:11 Para: Suse Security Asunto: [suse-security] Ftp & more problems
Friends: The days 5 and 7 of this month, I sent them two mail requesting suggestions about problems that I had (I have) using ftp. Up to now nobody has answered me except for Marc Heuse in private mail. I appeal you since the answer of Marc again (to change the kernel, use at the moment the 2.4.4) he has still left me more doubts. It should have a 'pacific solution' for this problem, that is to say that doesn't commit the costs and working hours of the company. I trust them in that alone precise an orientation, for where to begin to solve the problem, I don't specify magic solutions, these don't exist. The scenario is this: a server Linux with one ADSL 128/256 kb lines in a router Cisco 777, in eth0 it is the net of the company with 45 users using Internet and electronic mail; in eth1 the router mentioned up. The server has the SuSEfirewall2-2.1 and SuSE 7.2, allowing the members of the net to consent to the mentioned services. The company has hired a server ftp (ftp.thecompany.com.ar) with the phone company of our area (Telecom). In the area of systems, two people specify to make ftp to that server and to send for the same way information to the branches that are in other towns; the software that they use in you scheme them client it is the Windows Commander and CuteFTPpro. Now then, either that they use the passive or active mode to make ftp, the server Linux freezes, totally frozen; and it is necessary to restart the server. It doesn't always happen, and it is not known which are the conditions of the server in the moment of the freezing. I cannot have solved the problem for 2 months, I have proven almost everything, from different configurations of the SuSEfirewall2-2.1 until the update of the iptables (1.2.1 at 1.2.2), but anything works. In the inetd.conf has active the Proftpd, although I am not very sure that it is relevant. Now, from D.O.S. in a machine client I use ftp and works well, very well; and Linux doesn't freeze. During the hours of more work, that is to say, all the clients using Internet and mail, it is when more 'hang'; up to four times during the morning. But in the afternoon it diminishes a lot the frequency of the freezing, until any 'hang' in hours of the night. But or less this is what happens, I wait to have explained the problem well. Some help or orientation?.
Thanks folks (folks, no list)
Ernesto
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi, me suggested, to completly disable netfilter to determine if it involved, not to use just another configuration :O)_ I agree with the point, that somewhere in the memory-managment in conjunction with heavy network load the 2.4. seems to have probs. Me 's running a samba-site and sometimes, without any suitable reason it's hanging. The log shows U killed smbd cauzed by out of memory. Same as your example. So try another kernel. Just latest 2.2.x as suggested or >=2.4.15 as discussed here and somewhere else 4 stability reason. And give us a feedback, even when it works.
Well friends: I will try to explain the steps that I made (incorporating the three ideas that arose, those of Michael Appeldorn, Mark Dalley and Boris Lorenz). There is not any file in the clients called ADVERT.DLL. I have proven using a client ftp free called CoffeCup (I believe that is your name, I don't remember well), with the same problem, Linux freezes; it doesn't care if I use passive or active mode. During the night it disables the firewall, and just leaves the masquerading options (using iptables and the example that it is in the header of the file firewall.rc.config); regrettably I obtained the same result, Linux continues freezing with petitions ftp. I admit that the option of using the kernel 2.2.20, disable pppoe/pppox and to install Roaring Penguin pppoe didn't prove it, since alone I can make it during the weekend; this company prefers to make it during the hours of less work (Saturdays and Sundays they also work). Now then, the boys of systems made two things while it was me out, they installed a memory monitor of the KDE and they entered to the system like a normal user, all the previous tests were made as root. And these two things happened: 1) the freezing percentages lowered until almost anything, with the exception of the ftp, that continues generating problems, 2) when linux freezes -for example, using a petition ftp - the memory monitor of the KDE goes diminishing the free memory until leaving it in 0 (zero), then linux freezes completely. Every time I am more confused, it should surely have several problems, I don't unite alone. And now I believe that the kernel 2.4.4 under certain conditions are unstable. I believe that it should no longer have a 'pacific solution' for this problem. I expect their help, and also understanding.
I deactivate netfilter, the problems continue. I believe that the best alternative is to change the kernel. The latest version it is 2.4.17 and again I will prove everything. Does Richard Ems suggest 2.2.20, is it stable? As I can know with which options SuSE compiles the kernels? Thanks to all for the help, now I bother in a time to comment again like it was everything. Ernesto
-----Mensaje original----- De: Michael Appeldorn [mailto:appeldorn@codixx.de] Enviado el: miércoles 20 de febrero de 2002 11:27 Para: 'Suse Security'; Grupo Dignitas Asunto: Re: RE: [suse-security] Ftp & more problems
Hi,
me suggested, to completly disable netfilter to determine if it involved, not to use just another configuration :O)_
I agree with the point, that somewhere in the memory-managment in conjunction with heavy network load the 2.4. seems to have probs.
Me 's running a samba-site and sometimes, without any suitable reason it's hanging. The log shows U killed smbd cauzed by out of memory.
Same as your example. So try another kernel. Just latest 2.2.x as suggested or >=2.4.15 as discussed here and somewhere else 4 stability reason.
And give us a feedback, even when it works.
Well friends: I will try to explain the steps that I made (incorporating the three ideas that arose, those of Michael Appeldorn, Mark Dalley and Boris Lorenz). There is not any file in the clients called ADVERT.DLL. I have proven using a client ftp free called CoffeCup (I believe that is your name, I don't remember well), with the same problem, Linux freezes; it doesn't care if I use passive or active mode. During the night it disables the firewall, and just leaves the masquerading options (using iptables and the example that it is in the header of the file firewall.rc.config); regrettably I obtained the same result, Linux continues freezing with petitions ftp. I admit that the option of using the kernel 2.2.20, disable pppoe/pppox and to install Roaring Penguin pppoe didn't prove it, since alone I can make it during the weekend; this company prefers to make it during the hours of less work (Saturdays and Sundays they also work). Now then, the boys of systems made two things while it was me out, they installed a memory monitor of the KDE and they entered to the system like a normal user, all the previous tests were made as root. And these two things happened: 1) the freezing percentages lowered until almost anything, with the exception of the ftp, that continues generating problems, 2) when linux freezes -for example, using a petition ftp - the memory monitor of the KDE goes diminishing the free memory until leaving it in 0 (zero), then linux freezes completely. Every time I am more confused, it should surely have several problems, I don't unite alone. And now I believe that the kernel 2.4.4 under certain conditions are unstable. I believe that it should no longer have a 'pacific solution' for this problem. I expect their help, and also understanding.
Friends: The day 21 of February was my I finish message regarding 'Ftp & problems'. They had suggested me several things (Michael Appeldorn, Mark Dalley, Boris Lorenz, Richard Ems, Gerd Ditzer) I made absolutely all, until I finally decided to change the kernel for the 2.4.18. It is not an easy task, but I should recognize that it is a very good learning instance. All the problems (see sent mail) they were solved, and until I have a better yield. I want to give thanks to all those that guided me in those ugly days, to the list, and to Linux to always give me the opportunity to learn. Ernesto
-----Mensaje original----- De: Grupo Dignitas [mailto:gdignitas@gamma.com.ar] Enviado el: jueves 21 de febrero de 2002 7:55 Para: 'Suse Security' Asunto: RE: RE: [suse-security] Ftp & more problems
I deactivate netfilter, the problems continue. I believe that the best alternative is to change the kernel. The latest version it is 2.4.17 and again I will prove everything. Does Richard Ems suggest 2.2.20, is it stable? As I can know with which options SuSE compiles the kernels? Thanks to all for the help, now I bother in a time to comment again like it was everything.
Ernesto
-----Mensaje original----- De: Michael Appeldorn [mailto:appeldorn@codixx.de] Enviado el: miércoles 20 de febrero de 2002 11:27 Para: 'Suse Security'; Grupo Dignitas Asunto: Re: RE: [suse-security] Ftp & more problems
Hi,
me suggested, to completly disable netfilter to determine if it involved, not to use just another configuration :O)_
I agree with the point, that somewhere in the memory-managment in conjunction with heavy network load the 2.4. seems to have probs.
Me 's running a samba-site and sometimes, without any suitable reason it's hanging. The log shows U killed smbd cauzed by out of memory.
Same as your example. So try another kernel. Just latest 2.2.x as suggested or >=2.4.15 as discussed here and somewhere else 4 stability reason.
And give us a feedback, even when it works.
Well friends: I will try to explain the steps that I made (incorporating the three ideas that arose, those of Michael Appeldorn, Mark Dalley and Boris Lorenz). There is not any file in the clients called ADVERT.DLL. I have proven using a client ftp free called CoffeCup (I believe that is your name, I don't remember well), with the same problem, Linux freezes; it doesn't care if I use passive or active mode. During the night it disables the firewall, and just leaves the masquerading options (using iptables and the example that it is in the header of the file firewall.rc.config); regrettably I obtained the same result, Linux continues freezing with petitions ftp. I admit that the option of using the kernel 2.2.20, disable pppoe/pppox and to install Roaring Penguin pppoe didn't prove it, since alone I can make it during the weekend; this company prefers to make it during the hours of less work (Saturdays and Sundays they also work). Now then, the boys of systems made two things while it was me out, they installed a memory monitor of the KDE and they entered to the system like a normal user, all the previous tests were made as root. And these two things happened: 1) the freezing percentages lowered until almost anything, with the exception of the ftp, that continues generating problems, 2) when linux freezes -for example, using a petition ftp - the memory monitor of the KDE goes diminishing the free memory until leaving it in 0 (zero), then linux freezes completely. Every time I am more confused, it should surely have several problems, I don't unite alone. And now I believe that the kernel 2.4.4 under certain conditions are unstable. I believe that it should no longer have a 'pacific solution' for this problem. I expect their help, and also understanding.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (4)
-
Boris Lorenz -
Grupo Dignitas -
Mark Dalley -
Michael Appeldorn