[opensuse] vsftpd ports
I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3. If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow. Am I correct in assuming it's one port per user?
Cheers,
Steve.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On 11/25/2007 07:15 PM, primm wrote:
> I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> Am I correct in assuming it's one port per user?
ftp uses one control port and one data port. I have used it on outgoing ftp only so far, but I would suggest checking out the SUSE ftp proxy, proxy-suite is its package name. It helps a lot with a firewall.
--
Joe Morris
Registered Linux user 231871 running openSUSE 10.3 x86_64
Sun, 25 Nov 2007, by lynn@steve-ss.com:
> I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> Am I correct in assuming it's one port per user?
You're not using the correct way of handling this. Use vsftpd's 'max_clients' and 'max_per_ip' parameters to limit the number of users. That way excess users get a sensible error when they try to connect. See vsftpd.conf(5)
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 10.2 + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.20 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
On Sunday 25 November 2007 12:42:25 Theo v. Werkhoven wrote:
> Sun, 25 Nov 2007, by lynn@steve-ss.com:
> > I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> > If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> > Am I correct in assuming it's one port per user?
> You're not using the correct way of handling this. Use vsftpd's 'max_clients' and 'max_per_ip' parameters to limit the number of users. That way excess users get a sensible error when they try to connect. See vsftpd.conf(5)
Thanks. Works well. Still need one port per connection..
Cheers.
Wed, 28 Nov 2007, by lynn@steve-ss.com:
> On Sunday 25 November 2007 12:42:25 Theo v. Werkhoven wrote:
> > Sun, 25 Nov 2007, by lynn@steve-ss.com:
> > > I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> > > If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> > > Am I correct in assuming it's one port per user?
> > You're not using the correct way of handling this. Use vsftpd's 'max_clients' and 'max_per_ip' parameters to limit the number of users. That way excess users get a sensible error when they try to connect. See vsftpd.conf(5)
> Thanks. Works well.
> Still need one port per connection..
Not possible with FTP. This protocol needs a socket pair for both the Data and the Command channel. For active FTP TCP dest. port 21 and source port 20, for passive FTP dest. port 21 plus a high dest. port.
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 10.3 + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.22 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
On Wednesday 28 November 2007 22:50:24 Theo v. Werkhoven wrote:
> Wed, 28 Nov 2007, by lynn@steve-ss.com:
> > On Sunday 25 November 2007 12:42:25 Theo v. Werkhoven wrote:
> > > Sun, 25 Nov 2007, by lynn@steve-ss.com:
> > > > I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> > > > If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> > > > Am I correct in assuming it's one port per user?
> > > You're not using the correct way of handling this. Use vsftpd's 'max_clients' and 'max_per_ip' parameters to limit the number of users. That way excess users get a sensible error when they try to connect. See vsftpd.conf(5)
> > Thanks. Works well.
> > Still need one port per connection..
> Not possible with FTP. This protocol needs a socket pair for both the Data and the Command channel. For active FTP TCP dest. port 21 and source port 20, for passive FTP dest. port 21 plus a high dest. port.
So, using passive for 5 users I need 21 and 1025 to 1029. Or will just one high port do for all 5 connections?
Thu, 29 Nov 2007, by lynn@steve-ss.com:
> On Wednesday 28 November 2007 22:50:24 Theo v. Werkhoven wrote:
> > Wed, 28 Nov 2007, by lynn@steve-ss.com:
> > > On Sunday 25 November 2007 12:42:25 Theo v. Werkhoven wrote:
> > > > Sun, 25 Nov 2007, by lynn@steve-ss.com:
> > > > > I've opened ports 20, 21 and 1025 to 1029 via SuSEfirewall2 on 10.3.
> > > > > If all the ports are taken is there a way of telling the next user to wait or try again later? As it is it just leaves them wondering and waiting and allowing more users makes the system too slow.
> > > > > Am I correct in assuming it's one port per user?
> > > > You're not using the correct way of handling this. Use vsftpd's 'max_clients' and 'max_per_ip' parameters to limit the number of users. That way excess users get a sensible error when they try to connect. See vsftpd.conf(5)
> > > Thanks. Works well.
> > > Still need one port per connection..
> > Not possible with FTP. This protocol needs a socket pair for both the Data and the Command channel. For active FTP TCP dest. port 21 and source port 20, for passive FTP dest. port 21 plus a high dest. port.
> So, using passive for 5 users I need 21 and 1025 to 1029. Or will just one high port do for all 5 connections?
No, your first assumption was correct.
Theo
--
Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 10.3 + Jabber: muadib@jabber.xs4all.nl
Kernel 2.6.22 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.
participants (3)
- Joe Morris (NTM)
- primm
- Theo v. Werkhoven
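The sizing rule this thread arrives at (one passive data port per simultaneous connection, with max_clients capping sessions so extra users get an error), checked against a vsftpd.conf in Python. This is an added example, not code from any of the posters. The sample config is constructed from the ports named in the thread, the option names are those of vsftpd.conf(5), and treating 0 or a missing value as "not set" is an assumption of the check.

```python
SAMPLE_CONF = """\
# constructed sample using the ports opened in the thread
pasv_enable=YES
pasv_min_port=1025
pasv_max_port=1029
max_clients=5
max_per_ip=2
"""

def parse_conf(text):
    # vsftpd.conf lines are option=value with no spaces; '#' starts a comment
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def positive_int(opts, key):
    # None when the option is absent, non-numeric or 0 (assumed to mean "not set")
    value = opts.get(key, "")
    return int(value) if value.isdigit() and int(value) > 0 else None

def check_limits(text):
    """Return a list of findings; an empty list means limits and ports agree."""
    opts = parse_conf(text)
    lo, hi = positive_int(opts, "pasv_min_port"), positive_int(opts, "pasv_max_port")
    clients, per_ip = positive_int(opts, "max_clients"), positive_int(opts, "max_per_ip")
    findings = []
    if lo is None or hi is None:
        findings.append("passive range not pinned: data ports can fall outside the firewall rule")
    elif lo > hi:
        findings.append(f"pasv_min_port {lo} is above pasv_max_port {hi}")
    elif clients is not None and clients > hi - lo + 1:
        findings.append(f"max_clients={clients} exceeds the {hi - lo + 1} passive ports available")
    if clients is None:
        findings.append("max_clients not set: sessions are not capped to the passive range")
    elif per_ip is not None and per_ip > clients:
        findings.append(f"max_per_ip={per_ip} is above max_clients={clients} and never applies")
    return findings

if __name__ == "__main__":
    for finding in check_limits(SAMPLE_CONF) or ["limits and passive range agree"]:
        print(finding)
```

The passive range in the config has to be the same range opened in SuSEfirewall2, otherwise the check passes while data connections are still dropped at the firewall.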