Skardal n00b
Joined: 12 Mar 2005 Posts: 39 Location: Norway
Posted: Sat Sep 10, 2005 5:12 pm Post subject: Strange glftpd problem
I've been workin' on a glftpd server the last days, and it works pretty good now, but I still have one BIG problem.
LAN computers can connect without problems. Some outside (WAN) computers can connect without problems, some have to wait for several minutes before they finally connect, and some can't even log on at all. Just timeout.
These are my xinet configs:
xinet.conf
Code: |
defaults
{
instances = 60
log_type = SYSLOG authpriv info
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
|
xinet.d/glftpd
Code: |
service glftpd
{
disable = no
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/tcpd
server_args = /opt/glftpd/bin/glftpd -l -i -z cert=/etc/glftpd-dsa.pem -o -r /opt/glftpd/glftpd.conf -s /opt/glftpd/bin/glstrings.bin
}
|
glftpd.conf
Code: |
# Server shutdown: 0=server open, 1=deny all but siteops, !*=deny all, etc
#shutdown 1
sitename_long HVV[:space:]VI[:space:]SITE
sitename_short HVV_VI
email mail@my.ass
rootpath /opt/glftpd/
# Path relative to the ROOTPATH.
datapath /ftp-data
welcome_msg /ftp-data/misc/welcome.msg *
goodbye_msg /ftp-data/misc/goodbye.msg *
newsfile /ftp-data/misc/newsfile *
banner /ftp-data/misc/banner
# TLS enforcements.
userrejectsecure !*
userrejectinsecure !*
denydiruncrypted !*
denydatauncrypted !*
# we will not show the dir/file listings in color
color_mode 0
# passive ports and address
pasv_ports 50000-50100
pasv_addr 62.113.132.74 1
# allow fxp
allow_fxp yes yes no *
##############################################################################
# SECTION # KEYWORD DIRECTORY SEPARATE CREDITS #
##############################################################################
stat_section DEFAULT * yes
##############################################################################
################## THE RIGHTS SECTION BEGINS HERE ####################
##############################################################################
# (you can use a ! in front of any group/user/flag to negate it) #
# The default is no, you don't need to add "!*" at the end #
# #
# Function Path =GROUP or -username or X (flag) #
##############################################################################
upload * *
resume * *
makedir * *
download * *
dirlog * *
rename * 1 =STAFF
filemove * 1 =STAFF
renameown * *
nuke * *
delete * 1
deleteown * *
##############################################################################
################### THE RIGHTS SECTION ENDS HERE #####################
##############################################################################
##############################################################################
# secure_pass mask users to whom this rule applies #
##############################################################################
#secure_pass a2.. *
##############################################################################
# secure_ip min. fields allow hostnames? need ident? users to whom this applies
##############################################################################
#secure_ip 1 1 1 *
##############################################################################
#path-filter group path/msgfile filters
path-filter * /ftp-data/misc/pathmsg ^[-A-Za-z0-9_.()[:space:]]*$ ^\. ^-
use_dir_size k /site/incoming
show_totals * *
show_diz .message *
free_space 20
max_users 15 5
total_users 300
# dupecheck how many days? ignore file case like Windows?
dupe_check 7 no
dl_incomplete 1
noretrieve passwd passwd- group group-
min_homedir /site
#############################################################################
# <cap 1st letter> <lower/upper> character conversions...
#file_names 0 lower [:space:]_
#dir_names 1 none [:space:]_
#############################################################################
#tagline No[:space:]Tagline[:space:]Set
ignore_type *.[tT][xX][tT] *.[nN][fF][oO] [rR][eE][aA][dD][mM][eE] .message
ignore_type *.[sS][fF][vV] *.[cC][rR][cC] *.[dD][iI][zZ]
#############################################################################
#pre_dir_check /bin/dirscript
#pre_check /bin/dupescript
#post_check /bin/zipscript
#############################################################################
############## Location #################### Max number of lines in Display #
requests /ftp-data/misc/requests 10
#############################################################################
oneliners 10
lastonline 0
############################################################################
# Nukedir_Style:
# 1st. Option [Format: %N = DIR]
# 2nd. Option 0 = Delete ALL, 1 = Save main dir., 2 = Save ALL (UNNUKE)
# 3rd. Option [Byte Size] for nuker to discount.
############################################################################
nukedir_style NUKED-%N 2 50000
empty_nuke 25000
multiplier_max 20
############################################################################
# Private Groups: privgroup GROUPNAME GROUPDESC #
############################################################################
privgroup STAFF Site[:space:]Staff[:space:]Group
############################################################################
# PRIVPATHS: Directories should be uniquely named (no wildcards) #
############################################################################
#privpath /site/privatedir 1 =STAFF
############################################################################
# CUSTOM SITE COMMANDS #
# site_cmd [CMD NAME] [EXEC/TEXT] [PATH TO FILE] #
############################################################################
site_cmd RULES TEXT /ftp-data/misc/site.rules
site_cmd LOCATE EXEC /bin/locate.sh
# Some aliases for group stats commands
site_cmd GRPWKUP IS GPWK
site_cmd GRPWKDN IS GPWD
site_cmd GRPMONTHUP IS GPMONTHUP
site_cmd GRPMONTHDN IS GPMONTHDN
site_cmd GRPALUP IS GPAL
site_cmd GRPALDN IS GPAD
custom-grpwkup !8 *
custom-grpwkdn !8 *
custom-grpmonthup !8 *
custom-grpmonthdn !8 *
custom-grpalup !8 *
custom-grpaldn !8 *
custom-rules !8 *
#locate allows users to search priv dirs !!!!, do not use it
custom-locate 1
-addip 1 2 7
-adduser 1 2 7
-change 1 7
-changeallot 1 2 7
-changeflags 1
-changeratio 1 2 7
-changesratio 1 7
-changehomedir 1
-chmod 1
-chgadmin 1 7
-chgrp 1 7
-chgrp-priv 1
-chpass 1
-delip 1 2 7
-delownip !8 *
-deluser 1 2 7
-dirs !8 *
-errlog 1
-flags !8 *
-gadduser 1 7
-ginfo 2 H
-give G
-group !3 *
-groups !8 *
-grp !8 *
-groupcomment 1
-grpadd 1
-grpchange 1
-grpdel 1
-grplog 1
-grpnfo 1 2
-grpren 1
-grpstats *
-help !8 *
-info !8 *
-kick D
-kill E
-logins 1
-misc !8 *
-msg !8 *
-msg* 1
-msg= 1
-msg{ !8 *
-nuke A
-onel !8 *
-oneladd !8 *
-passwd !8 *
-predupe C
-purge 1
-readd 1 2 7
-renuser 1 7
-reqlog 1 A B 7
-request !8 *
-requestadd !8 *
-show 1
-showhiddenusers 1
-stat !8 *
-stats !8 *
-swho =STAFF 1 E
-take F
-syslog 1 =STAFF
-undupe C
-unnuke B
-update 1
-user !8 *
-users H
-usercomment 1 7
-userextra 1 2 7
-who !8 *
-wipe 1
-seen 1
-laston 1
-userothers 1
-traffic 1 7
|
I've forwarded ports 50000-50100 in my router.
This is starting to freak me out
Skardal n00b
Joined: 12 Mar 2005 Posts: 39 Location: Norway
Posted: Mon Sep 12, 2005 7:53 pm Post subject:
I just tested with pure-ftpd. It works without problems... All users can connect.
Please!
I've noticed there are others with the same unsolved question...
statare n00b
Joined: 25 Mar 2005 Posts: 28 Location: Sweden
Posted: Sun Sep 18, 2005 10:48 pm Post subject:
Hmm, I had something similar, but that was on an old version. Don't use glftpd anymore. I solved it by switching client. Users with flashfxp had no problem so I told everyone to use that. I have no idea why that worked. And make sure they use passive mode if they are firewalled.
Here is a nice explanation of passive and active: http://slacksite.com/other/ftp.html
elestedt Guru
Joined: 13 Mar 2005 Posts: 383
Posted: Mon Sep 19, 2005 6:19 am Post subject:
Their IP has to be allowed before the server accepts their connections!
Add their IP using
Code: |
site users addip <user> <ipmask>
|
and it should work
Skardal n00b
Joined: 12 Mar 2005 Posts: 39 Location: Norway
Posted: Tue Sep 20, 2005 5:26 pm Post subject:
All users are added with correct ipmask.
I'll try the passive/active case.
Thanks, so far!
Skardal n00b
Joined: 12 Mar 2005 Posts: 39 Location: Norway
Posted: Thu Sep 22, 2005 4:39 pm Post subject:
Still not working. When users who just get a timeout try to connect, I noticed this:
Code: |
ps aux | grep ftp
root 7565 0.0 0.0 4424 1364 ? Ss 18:32 0:00 glftpd:ns0.gene6.net: connected
|
elestedt Guru
Joined: 13 Mar 2005 Posts: 383
Posted: Fri Sep 23, 2005 4:27 pm Post subject:
Skardal wrote: |
Still not working. When users who just get a timeout try to connect, I noticed this:
Code: |
ps aux | grep ftp
root 7565 0.0 0.0 4424 1364 ? Ss 18:32 0:00 glftpd:ns0.gene6.net: connected
|
|
Does either server or client run a firewall?
Otherwise I would check dmesg and glftpd logs for errors.
Xake Guru
Joined: 11 Feb 2004 Posts: 588 Location: Göteborg, the rainy part of scandinavia
Posted: Tue Oct 11, 2005 9:08 am Post subject:
Got a solution? It seems like I experience the same problem.
Skardal n00b
Joined: 12 Mar 2005 Posts: 39 Location: Norway
Posted: Sat Oct 29, 2005 6:12 pm Post subject:
Not really... I chose to use a Debian box for my glftpd. That worked without any pain.
I do think it's the xinetd that's the problem...
Xake Guru
Joined: 11 Feb 2004 Posts: 588 Location: Göteborg, the rainy part of scandinavia
Posted: Sat Oct 29, 2005 11:30 pm Post subject:
I forgot about this topic, sorry.
I found a workaround that worked on this system, maybe you can try and confirm?
I had to compile xinet without the tcpd use-flag and then alter xinet.d/glftpd to not use tcpd.
After that everything started to work just as it should.
qriff n00b
Joined: 04 Dec 2003 Posts: 73
Posted: Sun Jan 22, 2006 10:27 am Post subject:
Nothing strange...
Partial "man tcpd":
"RFC 931
When RFC 931 etc. lookups are enabled (compile-time option) tcpd will attempt
to establish the name of the client user. This will succeed only if the client
host runs an RFC 931-compliant daemon. Client user name lookups will not work
for datagram-oriented connections, and may cause noticeable delays in the case
of connections from PCs."
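
The delay described in the man-page excerpt above, as an added example that is not from any poster in this thread: one RFC 931/1413 ident lookup, timed against three constructed loopback peers. The ephemeral ports stand in for TCP 113, the silent listener stands in for a client firewall that drops the query, and `ident_query`, `_fake_identd` and `demo` are illustrative names.

```python
import socket
import threading
import time

def ident_query(host, ident_port, client_port, server_port, timeout=2.0):
    """Run one ident lookup; return (outcome, reply, seconds_spent)."""
    start = time.monotonic()
    reply = ""
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            # RFC 1413 query: "<port on the client host>, <port on our host>"
            s.sendall(f"{client_port}, {server_port}\r\n".encode("ascii"))
            reply = s.recv(512).decode("ascii", "replace").strip()
        outcome = "answered" if reply else "closed"
    except ConnectionRefusedError:
        outcome = "refused"   # RST comes back at once: the lookup fails fast
    except socket.timeout:
        outcome = "timeout"   # silence: the caller sits out the whole timeout
    return outcome, reply, time.monotonic() - start

def _fake_identd(listener):
    """Constructed ident daemon: answers a single query, then exits."""
    conn, _ = listener.accept()
    with conn:
        query = conn.recv(512).decode("ascii").strip()
        conn.sendall(f"{query} : USERID : UNIX : constructed-user\r\n".encode())

def demo(timeout=1.0):
    """Time the lookup against three constructed loopback peers."""
    lo = "127.0.0.1"
    answering = socket.create_server((lo, 0))   # peer that runs an ident daemon
    threading.Thread(target=_fake_identd, args=(answering,), daemon=True).start()
    silent = socket.create_server((lo, 0))      # listens but never replies
    unused = socket.create_server((lo, 0))      # reserve a port, then free it
    closed_port = unused.getsockname()[1]
    unused.close()
    ports = {"answering": answering.getsockname()[1],
             "refused": closed_port,
             "silent": silent.getsockname()[1]}
    # 50001 / 21 are constructed sample ports for the FTP control connection
    results = {name: ident_query(lo, port, 50001, 21, timeout)
               for name, port in ports.items()}
    answering.close()
    silent.close()
    return results

if __name__ == "__main__":
    for peer, (outcome, reply, secs) in demo().items():
        print(f"{peer:10s} {outcome:9s} {secs:5.2f}s  {reply}")
```

Only the silent peer costs the full timeout; a wrapper that performs this lookup before starting the daemon passes that wait on to the connecting user.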