HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Allmight 9th April 2008 19:30

Problems with ftp disconnections!
 
Hi!

I have a problem with my FTP server. When I upload, download or remove files on the server I keep getting disconnected.

For example, when uploading Joomla to one of my web sites I get disconnected repeatedly.

Code:

Command:        DELE components.php
Response:        250 DELE command successful
Command:        CWD /web/administrator/components/com_installer/
Response:        250 CWD command successful
Command:        PWD
Response:        257 "/web/administrator/components/com_installer" is current directory.
Command:        RMD models
Response:        250 RMD command successful
Status:        Retrieving directory listing...
Command:        CWD views
Response:        250 CWD command successful
Command:        PWD
Response:        257 "/web/administrator/components/com_installer/views" is current directory.
Command:        PASV
Response:        227 Entering Passive Mode (217,151,53,162,148,109).
Command:        LIST
Response:        150 Opening ASCII mode data connection for file list
Response:        226 Transfer complete.
Status:        Directory listing successful
Command:        DELE index.html
Response:        250 DELE command successful
Status:        Retrieving directory listing...
Command:        CWD components
Response:        250 CWD command successful
Command:        PWD
Response:        257 "/web/administrator/components/com_installer/views/components" is current directory.
Command:        PASV
Error:        Disconnected from server
Error:        Failed to retrieve directory listing

I run proftpd on my server in SSL/TLS mode, and use FileZilla for the uploading. I can for the life of me not figure out what is wrong.

PROFTPD.CONF
Code:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                        off

DefaultRoot                    ~
IdentLookups                    off
ServerIdent                    on "FTP Server ready."

ServerName                      "Debian"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                  on
ShowSymlinks                    on

TimeoutNoTransfer              600
TimeoutStalled                  600
TimeoutIdle                    1200

DisplayLogin                    welcome.msg
DisplayFirstChdir              .message
ListOptions                    "-l"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
# DefaultRoot                  ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell            off

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534
PassivePorts                    37990 38000

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress              217.151.53.162

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                          nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                          022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile                  off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend                    mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog  /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine on
TLSLog                    /var/log/proftpd/tls.log
TLSProtocol                SSLv23
TLSOptions                NoCertRequest
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile  /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog          /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#  User                                ftp
#  Group                              nogroup
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                  anonymous ftp
#  # Cosmetic changes, all files belongs to ftp user
#  DirFakeUser on ftp
#  DirFakeGroup on ftp
#
#  RequireValidShell          off
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                  10
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin                        welcome.msg
#  DisplayFirstChdir          .message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Directory *>
#    <Limit WRITE>
#      DenyAll
#    </Limit>
#  </Directory>
#
#  # Uncomment this if you're brave.
#  # <Directory incoming>
#  #  # Umask 022 is a good standard umask to prevent new files and dirs
#  #  # (second parm) from being group and world writable.
#  #  Umask                          022  022
#  #            <Limit READ WRITE>
#  #            DenyAll
#  #            </Limit>
#  #            <Limit STOR>
#  #            AllowAll
#  #            </Limit>
#  # </Directory>
#
# </Anonymous>

DefaultRoot ~

#Include /etc/proftpd_ispconfig.conf

Any ideas what may cause this disconnecting issue? FileZilla is more or less at its default settings.

My server is installed using this guide, http://www.howtoforge.com/perfect_setup_ubuntu704
I have also installed ISPConfig and Webmin on the server, and activated SSL/TLS using this guide, http://www.howtoforge.com/proftpd-tls-debian-etch
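
The FileZilla trace in the post above ends right after a PASV exchange, so a first check is whether the address and port the server advertises in its 227 reply agree with the PassivePorts and MasqueradeAddress directives. The following is an added example, not part of the original post; the function names are hypothetical and the configuration excerpt is a constructed sample containing only the two directives from the posted proftpd.conf.

```python
import ipaddress
import re

# Constructed sample: the two relevant directives as they appear in the posted proftpd.conf.
SAMPLE_CONF = """\
# PassivePorts                  49152 65534
PassivePorts                    37990 38000
MasqueradeAddress              217.151.53.162
"""

PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; the port is p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def read_directives(conf_text):
    """Extract PassivePorts and MasqueradeAddress, ignoring commented-out lines."""
    cfg = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "PassivePorts":
            cfg["passive_ports"] = (int(fields[1]), int(fields[2]))
        elif len(fields) == 2 and fields[0] == "MasqueradeAddress":
            cfg["masquerade"] = fields[1]
    return cfg


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_pasv(reply, conf_text):
    """Return a list of findings; an empty list means reply and config agree."""
    ip, port = parse_pasv(reply)
    cfg = read_directives(conf_text)
    findings = []
    low_high = cfg.get("passive_ports")
    if low_high and not low_high[0] <= port <= low_high[1]:
        findings.append("port %d is outside PassivePorts %d-%d" % (port, *low_high))
    masq = cfg.get("masquerade")
    # MasqueradeAddress may also be a hostname; only literal addresses are compared here.
    if masq and _is_ip(masq) and masq != ip:
        findings.append("advertised %s differs from MasqueradeAddress %s" % (ip, masq))
    if ipaddress.ip_address(ip).is_private:
        findings.append("advertised address %s is private and unreachable from outside" % ip)
    return findings


if __name__ == "__main__":
    # The 227 reply quoted in the post's FileZilla log.
    reply = "227 Entering Passive Mode (217,151,53,162,148,109)."
    print(parse_pasv(reply), check_pasv(reply, SAMPLE_CONF))
```

For the reply in the post the advertised endpoint falls inside the configured range and matches the masquerade address, so the check returns no findings.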

Allmight 9th April 2008 20:13

After scanning the FTP logs, I found this in proftpd.log

Code:

Apr 09 18:23:21 ws1.allsoftstudios.com proftpd[5159] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:23:44 ws1.allsoftstudios.com proftpd[5168] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:23:44 ws1.allsoftstudios.com proftpd[5168] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:23:48 ws1.allsoftstudios.com proftpd[5167] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:23:48 ws1.allsoftstudios.com proftpd[5167] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:23:52 ws1.allsoftstudios.com proftpd[5166] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:23:52 ws1.allsoftstudios.com proftpd[5166] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:24:02 ws1.allsoftstudios.com proftpd[5173] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:24:02 ws1.allsoftstudios.com proftpd[5173] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:24:11 ws1.allsoftstudios.com proftpd[5178] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:24:11 ws1.allsoftstudios.com proftpd[5178] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:24:15 ws1.allsoftstudios.com proftpd[5179] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): Passive data transfer failed, possibly due to network issues
Apr 09 18:24:15 ws1.allsoftstudios.com proftpd[5179] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): Check your PassivePorts and MasqueradeAddress settings,
Apr 09 18:24:15 ws1.allsoftstudios.com proftpd[5179] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): and any router, NAT, and firewall rules in the network path.
Apr 09 18:24:15 ws1.allsoftstudios.com proftpd[5179] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:24:15 ws1.allsoftstudios.com proftpd[5179] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 18:30:01 ws1.allsoftstudios.com proftpd[5424] ws1.allsoftstudios.com (localhost.localdomain[127.0.0.1]): FTP session opened.
Apr 09 18:30:01 ws1.allsoftstudios.com proftpd[5424] ws1.allsoftstudios.com (localhost.localdomain[127.0.0.1]): FTP session closed.
Apr 09 18:32:32 ws1.allsoftstudios.com proftpd[5284] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP no transfer timeout, disconnected
Apr 09 18:32:32 ws1.allsoftstudios.com proftpd[5284] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session closed.
Apr 09 19:00:01 ws1.allsoftstudios.com proftpd[5798] ws1.allsoftstudios.com (localhost.localdomain[127.0.0.1]): FTP session opened.
Apr 09 19:00:01 ws1.allsoftstudios.com proftpd[5798] ws1.allsoftstudios.com (localhost.localdomain[127.0.0.1]): FTP session closed.

Seems proftpd keeps closing the connection for no transfer timeout, even though I am in the middle of an upload session.

Here's another error I get in the middle of an upload...
Code:

Apr 09 19:27:00 ws1.allsoftstudios.com proftpd[6269] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session opened.
Apr 09 19:27:00 ws1.allsoftstudios.com proftpd[6269] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): USER web1_allmight: Login successful.
Apr 09 19:27:00 ws1.allsoftstudios.com proftpd[6269] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): Preparing to chroot to directory '/var/www/web1'
Apr 09 19:27:00 ws1.allsoftstudios.com proftpd[6269] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): mod_delay/0.5: delaying for 677 usecs
Apr 09 19:27:08 ws1.allsoftstudios.com proftpd[6272] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session opened.
Apr 09 19:27:08 ws1.allsoftstudios.com proftpd[6272] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): USER web1_allmight: Login successful.
Apr 09 19:27:08 ws1.allsoftstudios.com proftpd[6272] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): Preparing to chroot to directory '/var/www/web1'
Apr 09 19:27:08 ws1.allsoftstudios.com proftpd[6272] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): mod_delay/0.5: delaying for 924 usecs
Apr 09 19:27:23 ws1.allsoftstudios.com proftpd[6275] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): FTP session opened.
Apr 09 19:27:23 ws1.allsoftstudios.com proftpd[6275] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): mod_delay/0.5: delaying for 10 usecs
Apr 09 19:27:23 ws1.allsoftstudios.com proftpd[6275] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): USER web1_allmight: Login successful.
Apr 09 19:27:23 ws1.allsoftstudios.com proftpd[6275] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): Preparing to chroot to directory '/var/www/web1'
Apr 09 19:27:23 ws1.allsoftstudios.com proftpd[6275] ws1.allsoftstudios.com (217.151.53.164[217.151.53.164]): mod_delay/0.5: delaying for 24 usecs
Apr 09 19:27:32 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:37 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:42 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:47 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:47 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:52 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied
Apr 09 19:27:52 ws1.allsoftstudios.com proftpd[6150] ws1.allsoftstudios.com: MaxInstances (30) reached, new connection denied

MaxInstances (30) reached, new connection denied, what does this mean? When it happens, the client is unable to reconnect and resume upload.

And the passive ports are opened in the firewall. I mean, I can connect in passive mode, and upload/download just fine. Just that I get disconnected all the time.
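
One way to read logs like the two excerpts above is to pair each "FTP session opened." with its "FTP session closed." by process ID: in standalone mode every connection is a child process, and MaxInstances caps those children, so sessions that never log a close until TimeoutNoTransfer expires keep counting against the limit. The following is an added example, not part of the original post; the function name is hypothetical, and the log lines are constructed in the same format with a placeholder host name and a documentation-range client address.

```python
import re
from collections import Counter

# Constructed sample in the proftpd.log format shown in the post.
SAMPLE_LOG = """\
Apr 09 19:20:00 ftp.example.test proftpd[4001] ftp.example.test (192.0.2.10[192.0.2.10]): FTP session opened.
Apr 09 19:20:05 ftp.example.test proftpd[4002] ftp.example.test (192.0.2.10[192.0.2.10]): FTP session opened.
Apr 09 19:20:09 ftp.example.test proftpd[4003] ftp.example.test (192.0.2.10[192.0.2.10]): FTP session opened.
Apr 09 19:30:00 ftp.example.test proftpd[4001] ftp.example.test (192.0.2.10[192.0.2.10]): FTP no transfer timeout, disconnected
Apr 09 19:30:00 ftp.example.test proftpd[4001] ftp.example.test (192.0.2.10[192.0.2.10]): FTP session closed.
Apr 09 19:30:02 ftp.example.test proftpd[3990] ftp.example.test: MaxInstances (30) reached, new connection denied
Apr 09 19:30:07 ftp.example.test proftpd[3990] ftp.example.test: MaxInstances (30) reached, new connection denied
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ proftpd\[(?P<pid>\d+)\] \S+?"
    r"(?: \((?P<client>[^)]*)\))?: (?P<msg>.*)$"
)
ADDR_RE = re.compile(r"\[([^\]]+)\]$")           # address part of "name[address]"
MAXINST_RE = re.compile(r"MaxInstances \((\d+)\) reached")


def summarize(log_text):
    """Pair session open/close events per PID and count MaxInstances denials."""
    open_pids = {}                               # pid -> client address, not yet closed
    timed_out = []                               # pids closed by TimeoutNoTransfer
    opened = closed = denials = 0
    limit = first_denial = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                             # not a proftpd line in this format
        pid, msg = int(m["pid"]), m["msg"]
        addr = None
        if m["client"]:
            a = ADDR_RE.search(m["client"])
            addr = a.group(1) if a else m["client"]
        if msg == "FTP session opened.":
            opened += 1
            open_pids[pid] = addr
        elif msg == "FTP session closed.":
            closed += 1
            open_pids.pop(pid, None)
        elif msg.startswith("FTP no transfer timeout"):
            timed_out.append(pid)
        else:
            hit = MAXINST_RE.search(msg)
            if hit:                              # logged by the parent, no client field
                denials += 1
                limit = int(hit.group(1))
                first_denial = first_denial or m["ts"]
    return {
        "opened": opened,
        "closed": closed,
        "timed_out_pids": timed_out,
        "still_open": dict(Counter(open_pids.values())),
        "maxinstances_denials": denials,
        "maxinstances_limit": limit,
        "first_denial": first_denial,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

A large `still_open` count for a single client address at the time of the first denial points at one client stacking up sessions rather than at many distinct users.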

Allmight 10th April 2008 18:26

Okay, seems I get the exact same problem with vsftpd. I get disconnected all the time. I can live with it during uploads since the client reconnects automatically and continues. But when I am deleting large amounts of files over ftp, I get disconnected every 4 seconds or so, and have to reconnect manually and manually start the delete process again.

The disconnection part is not after a specific command, but happens at random places during the process.

I get the same with both proftpd and vsftpd. I use FileZilla.

Same server setup as specified in the first post, just changed from proftpd to vsftpd.

Anyone know what's going on here, and how to remedy this problem?

falko 10th April 2008 19:06

Did you try both active and passive transfers in your FTP client?
Is there a firewall on the server?

chipsafts 10th April 2008 19:51

Does the same thing happen if you use a command line ftp client?

Allmight 10th April 2008 20:08

@Falko

Yes, the iptables firewall is on the server, and the server itself is connected directly to the internet. No router in between.

I have tried both Active and Inactive. But in Active I cannot even get a complete connection to the server, get stuck at the LIST part of the login, as you may remember from another post.

@Chipsafts
No, I haven't. My personal computer is a Vista one, and running under Windows you easily get spoiled by GUI tools. Don't even know how, if at all possible to run ftp over the console.

In my router I have port mapped port 20 and 21 and the passive ports to my computer. Note, personally, I am behind a router, but the server is not.

falko 11th April 2008 22:27

Quote:

Originally Posted by Allmight
@Falko

Yes, the iptables firewall is on the server, and the server itself is connected directly to the internet. No router in between.

What's the output of
Code:

iptables -L
?

Allmight 12th April 2008 18:07

This is my current iptables setup...

Code:

Chain INPUT (policy DROP)
target    prot opt source              destination
ACCEPT    0    --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ftp-data
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ftp
LOG_ACCEPT  tcp  --  anywhere            anywhere            tcp dpt:ssh
LOG_ACCEPT  tcp  --  anywhere            anywhere            tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:whois
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:domain
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:www
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:81
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:pop3
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:imap2
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:https
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:spamd
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:imaps
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:mysql
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:webmin
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:20000
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:37990:38000
ACCEPT    0    --  localhost.localdomain  anywhere
icmp_packets  icmp --  anywhere            anywhere
LOG_DROP  0    --  anywhere            anywhere

Chain FORWARD (policy DROP)
target    prot opt source              destination

Chain OUTPUT (policy DROP)
target    prot opt source              destination
ACCEPT    0    --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ftp-data
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ftp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ssh
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:telnet
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:smtp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:whois
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:domain
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:www
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:81
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:pop3
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:imap2
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:https
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:spamd
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:imaps
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:mysql
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:webmin
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:20000
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:37990:38000
ACCEPT    0    --  anywhere            localhost.localdomain
icmp_packets  icmp --  anywhere            anywhere
LOG_DROP  0    --  anywhere            anywhere

Chain LOG_ACCEPT (2 references)
target    prot opt source              destination
LOG        0    --  anywhere            anywhere            LOG level warning tcp-options ip-options prefix `[IPTABLES ACCEPT] : '
ACCEPT    0    --  anywhere            anywhere

Chain LOG_DROP (2 references)
target    prot opt source              destination
LOG        0    --  anywhere            anywhere            LOG level warning tcp-options ip-options prefix `[IPTABLES DROP] : '
DROP      0    --  anywhere            anywhere

Chain icmp_packets (2 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere            icmp echo-reply
ACCEPT    icmp --  ws1.allsoftstudios.com  anywhere            icmp echo-request
DROP      icmp --  anywhere            anywhere            icmp echo-request
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded


falko 13th April 2008 21:15

The ports 20 and 21 are open, so active FTP should work. Does it work when you completely disable the firewall?

Allmight 15th April 2008 00:02

No, it doesn't. However, if I connect my workstation directly to the internet, bypassing the router, then I can get active mode to work. I have mapped port 20 and 21 to my local IP address in the router, so I don't know why it won't work when the router is in between. So it seems that problem is not on the server side, but on my workstation side.

Regarding the disconnection problem I mentioned, I have figured out what caused that problem. It was the firewall in Vista that made my client disconnect frequently when large amounts of files were deleted, renamed and/or chmod'ed. If I disable the firewall on Vista it works fine. And I really don't need that firewall since I am behind a router. But would be nice to figure out why the Vista firewall causes this behavior.


All times are GMT +2.