Problema
As conexões em um Proftpd 1.3.6 (atualizadas de 1.3.1 com o mesmo problema) são eliminadas durante a transferência de dados com a mensagem:
421 No transfer timeout (3600 seconds): closing control connection
O tempo após o login até obter o erro varia, pode ser de 5 segundos a alguns minutos. Examinamos os logs (trechos listados abaixo) e não conseguimos encontrar uma razão clara para o comportamento. O erro pode ocorrer se apenas um usuário estiver conectado e também se sessões simultâneas do mesmo usuário estiverem abertas.
O Wireshark mostra que o "421: Sem tempo limite de transferência" é enviado do servidor como uma resposta ao cliente.
O Proftpd está sendo executado em um sistema openSuse virtual antigo em um ESXi 4.1. Apenas a conta ftpusr
é usada para transferências por FTP.
Obrigado pela sua ajuda com antecedência.
Trechos de log
log do cliente de FTP:
{snip}
150 Opening ASCII mode data connection for xyz_XML_Interface-Rawdata_20171124_16
1300_43864.tmp (597 bytes)
226 Transfer complete
ftp: 611 bytes received in 0.00Seconds 611000.00Kbytes/sec.
200 PORT command successful
150 Opening ASCII mode data connection for xyz_XML_Interface-Rawdata_20171209_06
5800_63895.tmp (443 bytes)
226 Transfer complete
ftp: 456 bytes received in 0.00Seconds 456.00Kbytes/sec.
200 PORT command successful
150 Opening ASCII mode data connection for xyz_XML_Interface-Rawdata_20171230_09
2000_93119.tmp (277 bytes)
226 Transfer complete
ftp: 288 bytes received in 0.00Seconds 288000.00Kbytes/sec.
421 No transfer timeout (3600 seconds): closing control connection
Connection closed by remote host.
ftp> mget *
Not connected.
Saída de depuração do Proftpd:
O seguinte log foi retirado da saída da tela ao iniciar o proftpd com proftpd -d 5 -c /etc/proftpd.conf -n
:
{snip}
2018-02-07 16:25:11,407 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'PORT 10,1,70,112,229,162' to mod_core
2018-02-07 16:25:11,407 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'PORT 10,1,70,112,229,162' to mod_core
2018-02-07 16:25:11,407 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching CMD command 'PORT 10,1,70,112,229,162' to mod_core
2018-02-07 16:25:11,407 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching LOG_CMD command 'PORT 10,1,70,112,229,162' to mod_log
2018-02-07 16:25:11,454 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'RETR xyz_XML_Interface-Rawdata_20171129_064100_50277.tmp' to mod_core
2018-02-07 16:25:11,454 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'RETR xyz_XML_Interface-Rawdata_20171129_064100_50277.tmp' to mod_core
2018-02-07 16:25:11,454 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'RETR xyz_XML_Interface-Rawdata_20171129_064100_50277.tmp' to mod_auth
2018-02-07 16:25:11,454 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching PRE_CMD command 'RETR xyz_XML_Interface-Rawdata_20171129_064100_50277.tmp' to mod_xfer
2018-02-07 16:25:11,454 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): dispatching CMD command 'RETR xyz_XML_Interface-Rawdata_20171129_064100_50277.tmp' to mod_xfer
2018-02-07 16:25:11,505 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): active data connection opened - local : 10.15.87.17:20
2018-02-07 16:25:11,505 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): active data connection opened - remote : 10.1.70.112:58786
2018-02-07 17:38:29,580 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): Data transfer stall timeout: 3600 seconds
2018-02-07 16:25:11,566 Oracle2db proftpd[15663] 10.15.87.17 (10.1.70.112[10.1.70.112]): notice: user ftpusr: aborting transfer: Data connection closed
Captura de tela do Wireshark:
Configuração
proftpd.conf:
#ThisisabasicProFTPDconfigurationfile(renameitto#'proftpd.conf'foractualuse.Itestablishesasingleserver#andasingleanonymouslogin.Itassumesthatyouhaveauser/group#"nobody" and "ftp" for normal operation and anon.
ServerName "3.0 Linux-FTP"
ServerType standalone
DefaultServer on
RequireValidShell off
ExtendedLog /var/log/ftp.log
UseReverseDNS off
IdentLookups off
TimeoutLogin 120
TimeoutIdle 3600
TimeoutNoTransfer 3600
TimeoutStalled 3600
MaxClientsPerHost 2 "Two clients by hostname max"
MaxClientsPerUser 5 "Only one connection per user allowed"
MaxClients 4 "Too many users, please try again later"
MaxHostsPerUser 5 "Only one host per user allowed"
MaxLoginAttempts 2 "You've reached the max. login attempts"
UseSendfile off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User ftpusr
Group ftpusers
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot /home/ftpusr/xml-export
# DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
<Directory /home/ftpusr/xml-export>
Umask 022 022
</Directory>