Debian 6.0 ftp loses host & aborts - ispconfig3

Discussion in 'HOWTO-Related Questions' started by conductive, Oct 3, 2011.

  1. conductive

    conductive New Member

    I have loaded the Debian 6.0 server 4 times and it will still fail during ftp file transfer. Transfer log does not show failures. CentOS loads did not have a problem with the files or the transfer.

    display Error:
    "could not connect to host 192.168.0.50 Timed out while trying to connect to remote host."

    This is odd since I was logged in via ssh and a few files did transfer. I am not sure where to get a better error or?

    Thanks
     
  2. falko

    falko Super Moderator

    Did you try both active and passive transfers in your FTP client?
     
  3. conductive

    conductive New Member

    Not sure I was using Konqueror and/or IE to dump multiple files. I can use this method on CentOS without a problem.
     
  4. till

    till Super Moderator

  5. conductive

    conductive New Member

    Thanks for the verbose clue.

    I loaded Debian 6.0 and enabled verbose mode. Not sure what happened other than what appears to be a lot of ipv6 activity.

    "Could not connect to host 192.168.0.50. Timed out trying to connect to remote host" which is on my lan.
    -------------------
    Oct 4 20:50:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 20:50:01 lxw32 pure-ftpd: (?@127.0.0.1) [DEBUG] Command [quit] []
    Oct 4 20:50:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 4 20:50:01 lxw32 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 4 20:50:01 lxw32 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 4 20:50:01 lxw32 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 4 20:50:01 lxw32 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 4 20:50:01 lxw32 postfix/smtpd[2929]: connect from localhost.localdomain[127.0.0.1]
    Oct 4 20:50:01 lxw32 postfix/smtpd[2929]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Oct 4 20:50:01 lxw32 postfix/smtpd[2929]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 4 20:50:08 lxw32 kernel: [ 1811.676035] [drm] nouveau 0000:01:00.0: Setting dpms mode 1 on vga encoder (output 0)
    Oct 4 20:50:22 lxw32 mpt-statusd: detected non-optimal RAID status
    Oct 4 20:51:01 lxw32 /USR/SBIN/CRON[2959]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Oct 4 20:52:01 lxw32 /USR/SBIN/CRON[2969]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    root@lxw32:~#
     
  6. till

    till Super Moderator

    The messages above are not from a ftp file transfer or connection. The pureftpd lines are from system monitor and the other lines are from different applications.

    Please try to rrproduce the error that you had before and the look directly into the file /var/log/syslog and post the messages that have been added by pure-ftpd at the end of the file.
     
  7. conductive

    conductive New Member

    syslog
    -----

    ct 4 23:30:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 23:30:01 lxw32 pure-ftpd: (?@127.0.0.1) [DEBUG] Command [quit] []
    Oct 4 23:30:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 4 23:30:01 lxw32 imapd: Connection, ip=[::ffff:127.0.0.1]
    Oct 4 23:30:01 lxw32 pop3d: Connection, ip=[::ffff:127.0.0.1]
    Oct 4 23:30:01 lxw32 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
    Oct 4 23:30:01 lxw32 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
    Oct 4 23:30:01 lxw32 postfix/smtpd[2872]: connect from localhost.localdomain[127.0.0.1]
    Oct 4 23:30:01 lxw32 postfix/smtpd[2872]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Oct 4 23:30:01 lxw32 postfix/smtpd[2872]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 4 23:31:01 lxw32 /USR/SBIN/CRON[2893]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Oct 4 23:32:01 lxw32 /USR/SBIN/CRON[2901]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Oct 4 23:33:01 lxw32 /USR/SBIN/CRON[2909]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Oct 4 23:34:01 lxw32 /USR/SBIN/CRON[2917]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
    Oct 4 23:34:38 lxw32 kernel: [ 1811.724036] [drm] nouveau 0000:01:00.0: Setting dpms mode 1 on vga encoder (output 0)
    root@lxw32:/var/log#
     
  8. conductive

    conductive New Member

    messages
    --------------
    Oct 4 23:24:51 lxw32 mpt-statusd: detected non-optimal RAID status
    Oct 4 23:25:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 23:25:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 4 23:30:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 23:30:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 4 23:34:38 lxw32 kernel: [ 1811.724036] [drm] nouveau 0000:01:00.0: Setting dpms mode 1 on vga encoder (output 0)
    Oct 4 23:34:51 lxw32 mpt-statusd: detected non-optimal RAID status
    Oct 4 23:35:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 23:35:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Oct 4 23:39:05 lxw32 pure-ftpd: (super1@192.168.0.3) [INFO] Timeout - try typing a little faster next time
    Oct 4 23:39:05 lxw32 pure-ftpd: (super1@192.168.0.3) [INFO] Timeout - try typing a little faster next time
    Oct 4 23:40:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Oct 4 23:40:01 lxw32 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    root@lxw32:/var/log#
     
  9. till

    till Super Moderator

    Thats not the full log of this connection. Please post all messages starting from the login by IP 192.168.0.3 until the time where the error appeared.

    Also you should try active and passive FTP connections as falko suggested and shutdown the firewall to see if this is a firewall issue.
     
  10. conductive

    conductive New Member

    Fail2ban
    ---------

    2011-10-04 23:04:52,202 fail2ban.jail : INFO Jail 'pureftpd' started
    2011-10-04 23:04:52,206 fail2ban.jail : INFO Jail 'ssh' started
    2011-10-04 23:04:52,214 fail2ban.jail : INFO Jail 'sasl' started
    2011-10-04 23:04:52,228 fail2ban.jail : INFO Jail 'courierimaps' started
    2011-10-04 23:24:05,171 fail2ban.actions: WARNING [pureftpd] Ban 192.168.0.3
    2011-10-04 23:34:05,803 fail2ban.actions: WARNING [pureftpd] Unban 192.168.0.3
    root@lxw32:/var/log#
     
  11. till

    till Super Moderator

    Ok, so fail2ban disconnected you due to too many failed login attemps. Please stop fail2ban and check if that solves your problem.
     
  12. conductive

    conductive New Member

    I will try stopping fail2ban after I figure that out, but I never failed a log in. That could be an auto login failure due to a time out. I have only used one pass word and did not have any failure. Remember this happens on every load.
     
  13. till

    till Super Moderator

    There might be a typo in the fail2ban config files then, most likely in the regular expression. Have you retyped the config file scontents or copy and pasted?
     
  14. conductive

    conductive New Member

    There are about 5 files/filters that were created by cut and paste for the fail2ban. I am not convinced of the fail to ban since I am logged in and transferring when this happens. Fail2ban comes in to play when the connect automatically keeps trying to reconnect during this snafu.

    Why am I trying to log in during ftp session? I do not believe that that would be fail2ban.

    Also remember that this happens in every load so if I did a cut and paste snafu I am a repeat offender.

    I just want something that works I do not mind a little work but this r&d has just gone on too long on servers that will never work without lots of work.
     
  15. till

    till Super Moderator

    Just stop fail2ban to see if this solves the problem. It does not matter if you belive that its fail2ban or not as aou would never know if you dont try it.

    The problem took so long to be solved because you always reinstalled the server and truied different Linux distributions instead of just taking a short look into the log files and debug the problem. Not sure what your FTP client is doing during the session as you posted log snippets that did not contain the full ftp session, but it must do something that fail2ban recognized as failed login attempts. We use here several copies of the perfect setup guide on production servers and dont have such a ftp problem and I know a lot of administrators that use the same setup. So the problem must be something that is specific to your setup (setup is the combination of server, network and host) as we ahd no reports that someone else encountered that before.

    So to gtet this fixed, stop fail2ban and then try the ftp operation again that failed. If fail2ban is causing this, then we can take a look at the fail2ban regex and compare it with your log lines (we need the full FTP sesion of a failed transfer plus the fail2ban log) and either modify or change the fail2ban rule.
     
  16. conductive

    conductive New Member

    Till,

    Thanks for the information.

    It was not that I did not want to turn off fail2ban I did not know how to turn it off since I have never used it. I did include the fail2ban errors due to my uncertainty of its operation.

    I shut down fail2ban /etc/init.d/fail2ban stop and files transfered flawlessly.

    Restarted fail2ban /etc/init.d/fail2ban start and files transfered flawlessly.

    rebooted system and files transfered flawlessly.

    It appears that this whole time I was one restart away from success on several occasions.
     
  17. conductive

    conductive New Member

    Restarting fail2ban did not fwork with my online server and I had to stop fail2ban so that I could use ftp.

    The good news is that I have a work around but there is still a problem. I will have to do more tests. It seems like ftp is not very tolerant of network inconsistencies and as a result times out. My client will try to login after a disconnect and after a few times fail2ban kicks in and transfer stops.

    But after I acknowledge the error transfer will start again. Maybe abort was the wrong choice or words since it may just pause the transfer. I do not feel I was ever fully locked out like fail2ban should.

    Is there some tyoe of TTL or other adjustments that I can adjust to make it work better.

    Thanks
     
  18. till

    till Super Moderator

    Please post the pure-ftpd log lines of a complete ftp session incl. the reconnect lines and also the fail2ban log so that I can see how the regex can be modified to avoid this.
     
  19. conductive

    conductive New Member

    That sounds really awesome!

    I was able to hold several ftp connections with any amount of data without a problem when F2B was off.

    I have been in the mud for longer than I care to admit, have to straighten up a few of the snafus at the moment and will will work on assembling some intelligent data to work with.

    thanks!!!
    &
    Keep up the good work!
     

Share This Page