
Pure ftp disconnect issue

Discussion in 'Other Centmin Mod Installed software' started by pamamolf, Jun 1, 2016.

  1. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    3:40 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    Hi

    I notice that sometimes I get a disconnect status or it is hard to connect using FTP :(

    I am using FileZilla:

    I think it looks like a limit on simultaneously connected users somewhere?

    We try to use about 5 users and maybe we try to use it at the same time....
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,801
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    10:40 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    in pure-ftpd.conf file
    Code (Text):
    grep -C3 MaxClients /etc/pure-ftpd/pure-ftpd.conf
    # Maximum number of simultaneous users
    MaxClientsNumber            500
    --
    # Maximum number of sim clients with the same IP address
    MaxClientsPerIP             200
    
     
  3. pamamolf

    Then something else is wrong :)
     
  4. pamamolf

    On a new server (not public), just for developing a site, where I use the latest Centminmod beta on CentOS 7, the user just reported the same error :(
    When he is logged in and starts to upload files, after about 10 minutes he gets disconnected, but it looks like there are no network issues as many users report the same thing :(

    He just tries to upload OpenCart files one by one (I don't like that way as it is easier to pack them and transfer only one file), but anyway, he got disconnected :(

    I don't know if there is any newer version of Pure-FTPd to use, or any firewall setting, or any time limit, or I don't know what else :(
     
  5. eva2000

    take note of users' IP addresses and check /var/log/messages for IP and pure-ftpd tagged messages, and check CSF firewall's lfd log at /var/log/lfd.log
     
  6. pamamolf

    From the logs there is nothing related, only this:

    Code:
    server pure-ftpd: (userftp@123.45.678.999) [INFO] Timeout - try typing a little faster next time
    How can I increase the timeout value?

    But this is not related, as many users upload a folder with hundreds of files inside and get kicked :(

    CSF firewall logs also have nothing related....

    Maybe a problem with Cloudflare in front?

    Will it be an issue if this same FTP account is used by 3-4 users at the same time?

    I also increased the timeout and will see....
     
  7. pamamolf

    A user reports that he is the only one connected, he uploads a file with many files inside, he has a very fast and stable net connection, and he reports this:
    Code:
    Status:       File transfer successful, transferred 3,409 bytes in 1 second
    Status:       Starting upload of /Users/userx/Downloads/wordpress 2/wp-comments-post.php
    Status:       File transfer successful, transferred 1,531 bytes in 1 second
    Status:       Disconnected from server
    Status:       Disconnected from server
    Status:       Delaying connection for 5 seconds due to previously failed connection attempt...
    Status:       Delaying connection for 5 seconds due to previously failed connection attempt...
    Status:       Connecting to 123.123.123.123:21...
    Status:       Connecting to 123.123.123.123:21...
    Status:       Connection attempt failed with "ETIMEDOUT - Connection attempt timed out".
    Error:         Could not connect to server
    Status:       Connection attempt failed with "ETIMEDOUT - Connection attempt timed out".
    Error:         Could not connect to server
    Status:       Starting upload of /Users/userx/Downloads/wordpress 2/wp-blog-header.php
    Status:       Starting upload of /Users/userx/Downloads/wordpress 2/wp-links-opml.php
    He can produce that error anytime by connecting and starting to upload files, and in 2 minutes maximum he gets that error :(

    Something is wrong damn :(

    Searching around I found this that may help?

    KB Plesk: Cannot connect to FTP storage via FileZilla 3.10: ETIMEDOUT - Connection attempt timed out

    Maybe something changed/is wrong with the mode or encryption that we use on Centminmod Pureftpd?
     
    Last edited: Jun 3, 2016
  8. eva2000

    enable verbose logging

    upload_2016-6-3_9-55-18.png

    and timestamps

    upload_2016-6-3_9-55-50.png

    should give a more detailed log of what's going on and the times
     
  9. pamamolf

    new verbose log:

    Code:
    07:21:40 Status:       Connecting to 123.123.123.123:21...
    07:21:50 Status:       Connection attempt failed with "ETIMEDOUT - Connection attempt timed out".
    07:21:50 Trace:        CRealControlSocket::OnClose(60)
    07:21:50 Trace:        CFtpControlSocket::ResetOperation(66)
    07:21:50 Trace:        CControlSocket::ResetOperation(66)
    07:21:50 Error:         Could not connect to server
    07:21:50 Status:       Waiting to retry...
    How can I disable any security measures just to test it?
     
    Last edited: Jun 3, 2016
  10. eva2000

    should be more entries in log starting from the welcome pure-ftpd banner onwards

    i.e.
    Code (Text):
    23:42:59    Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    23:42:59    Response:    220-You are user number 1 of 500 allowed.
    23:42:59    Response:    220-Local time is now 13:43. Server port: 21.
    23:42:59    Response:    220-IPv6 connections are also welcome on this server.
    23:42:59    Response:    220 You will be disconnected after 15 minutes of inactivity.
    23:42:59    Trace:    CFtpControlSocket::SendNextCommand()
    23:42:59    Command:    AUTH TLS
    23:42:59    Trace:    CFtpControlSocket::OnReceive()
    23:42:59    Response:    234 AUTH TLS OK.
    23:42:59    Status:    Initializing TLS...
    23:42:59    Trace:    CTlsSocket::Handshake()
    23:42:59    Trace:    CTlsSocket::ContinueHandshake()
    23:42:59    Trace:    CTlsSocket::ContinueHandshake()
    23:42:59    Trace:    CTlsSocket::ContinueHandshake()
    23:43:00    Trace:    CTlsSocket::ContinueHandshake()
    23:43:00    Trace:    TLS Handshake successful
    23:43:00    Trace:    Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: AES-128-GCM, MAC: AEAD
    23:43:00    Status:    Verifying certificate...
    23:43:00    Status:    TLS connection established.
    

    Code (Text):
    23:45:06    Response:    227 Entering Passive Mode (111,222,333,444,192,159)
    23:45:06    Trace:    CFtpControlSocket::TransferParseResponse()
    23:45:06    Trace:    CFtpControlSocket::SendNextCommand()
    23:45:06    Trace:    CFtpControlSocket::TransferSend()
    
    


    but ensure you have require explicit FTP over TLS set

    also error can be related to end user's own router and desktop/pc firewalls, anti-virus or internet security suites etc too
     
    Last edited: Jun 3, 2016
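Added example, not part of the thread: a shell helper that pulls the `227 Entering Passive Mode` replies out of a FileZilla log like the one above and computes the announced data port (p1*256 + p2), so it can be compared with the passive range opened in the firewall. The function names, the extra sample lines and the 30000-50000 range are assumptions for illustration, not Centmin Mod's actual values.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the constructed
# sample lines and the 30000-50000 range are illustrative assumptions.

# Sample client log: the first two lines are quoted from the post above,
# the other two are constructed.
sample_client_log() {
cat <<'EOF'
23:45:06    Response:    227 Entering Passive Mode (111,222,333,444,192,159)
23:45:06    Trace:    CFtpControlSocket::TransferParseResponse()
23:45:09    Response:    227 Entering Passive Mode (192,0,2,5,117,49)
23:45:12    Response:    227 Entering Passive Mode (192,0,2,5,4,1)
EOF
}

# pasv_ports: read client log lines on stdin and print the data port
# announced by each 227 reply. The reply carries h1,h2,h3,h4,p1,p2 and
# the port is p1*256 + p2.
pasv_ports() {
  sed -n 's/.*227 Entering Passive Mode (\([0-9,]*\)).*/\1/p' |
    awk -F',' 'NF == 6 { print $5 * 256 + $6 }'
}

# pasv_outside_range LOW HIGH: print announced ports that fall outside
# LOW-HIGH, i.e. data connections the firewall would not pass if only
# that range is open.
pasv_outside_range() {
  pasv_ports | awk -v lo="$1" -v hi="$2" '$1 + 0 < lo + 0 || $1 + 0 > hi + 0'
}

sample_client_log | pasv_ports
sample_client_log | pasv_outside_range 30000 50000
```

Replace the two range arguments with the passive port range actually configured for pure-ftpd and allowed by the firewall on the server.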
  11. pamamolf

    OK, I found the issue :)

    All the problems were because I had disabled the CSF firewall!!!!!

    I enabled it and now all is OK :)

    But I thought it was better to use csfstop for testing to avoid any blocks....

    I was keeping it closed as I am using this server to get some remote backups and I was looking to avoid any block for it....
     
  12. eva2000

    haha yes CSF is needed to properly get pure-ftpd using passive mode and passive ports range defined by pure-ftpd
     
  13. Jon Snow

    Jon Snow Active Member

    859
    172
    43
    Jun 30, 2017
    Ratings:
    +264
    Local Time:
    9:40 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    @eva2000 Is there anything in CSF that might disconnect someone for uploading too many files via pure ftp user?

    My limit was higher than what was in the first post.
    Code (Text):
    # Maximum number of simultaneous users
    
    MaxClientsNumber            1000
    
    --
    
    # Maximum number of sim clients with the same IP address
    
    MaxClientsPerIP             500

    The only way I've ever had no problem uploading was when I whitelisted the IP.

    Edit: Alright, whitelisting my IP didn't help. I tried uploading and the server disconnected me after XX uploads then it said it was retrying to connect.
     
    Last edited: May 3, 2018
  14. Jon Snow

    Code (Text):
    May  2 blah kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=fblah SRC=IP-Address DST=IP-Address LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=18802 DF PROTO=TCP SPT=53006 DPT=21 WINDOW=64240 RES=0x00 SYN URGP=0 
     
  15. eva2000

    You're hitting CSF Firewall Port Flood protection limits. Ideally, you want to limit your FTP client's max concurrent transfer limits and/or instead of uploading individual files, upload a zip file with all files then extract and move the files in place on server via SSH. Example of extracting a zip file via SSH can be seen in step 3 of XenForo 2 setup. You can practice doing zip upload/extraction etc on test site domain until you are familiar with it.

    See Insights guide I just wrote at CSF - Insight Guide - CSF Firewall Port Flood Blocking Pure-FTP Connections
     
  16. Jon Snow

    I already know about zips but in some cases, I'd like to just upload through the pure ftp user. I've already changed the ftp settings to a much lower number but I still hit the limit.

    That link was exactly part of what I was looking for. From that link:
    Code (Text):
    PORTFLOOD = "21;tcp;5;300"

    My FTP setting is lower than 5. I guess 300 means seconds and it's crossing the timeframe or something to hit the limit? So should I just increase 300 drastically and will that affect the server in any negative way?

    Is there a way to whitelist an ftp user or IP address to avoid getting hit by this limit?
     
  17. eva2000

    Did you restart FTP client (close/reopen) ?

    maybe change it from 5 hit count to 20 instead
    Code (Text):
    PORTFLOOD = "21;tcp;20;300"
    

    from CSF - Insight Guide - CSF Firewall Port Flood Blocking Pure-FTPD Connections
    is the ip getting listed in /proc/net/xt_recent/21 ?
    Code (Text):
    cat /proc/net/xt_recent/21
    

    during pure-ftpd uploads what's the output of
    Code (Text):
    echo $(($(csf -p | grep pure-ftpd | grep nginx | wc -l)/2-1))
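Added example, not from the thread or from CSF: it counts the `*Port Flood*` kernel entries per source IP and destination port and splits a `PORTFLOOD` value into its fields, so the drops in the log can be matched to the rule that caused them. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample lines are
# illustrative; addresses come from the documentation ranges.

# Constructed syslog lines in the format of the kernel entry quoted earlier,
# plus one pure-ftpd line that must be ignored.
sample_messages() {
cat <<'EOF'
May  2 10:00:01 host kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 PROTO=TCP SPT=53006 DPT=21 SYN URGP=0
May  2 10:00:04 host kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 PROTO=TCP SPT=53007 DPT=21 SYN URGP=0
May  2 10:00:09 host pure-ftpd: (userftp@203.0.113.10) [INFO] Timeout - try typing a little faster next time
May  2 10:01:30 host kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00 SRC=198.51.100.7 DST=192.0.2.5 LEN=52 PROTO=TCP SPT=40112 DPT=21 SYN URGP=0
May  2 10:02:15 host kernel: Firewall: *Port Flood* IN=eth0 OUT= MAC=00 SRC=203.0.113.10 DST=192.0.2.5 LEN=52 PROTO=TCP SPT=53011 DPT=21 SYN URGP=0
EOF
}

# port_flood_summary: read syslog lines on stdin and print
# "drops source-ip dest-port", busiest source first.
port_flood_summary() {
  awk '/Firewall: \*Port Flood\*/ {
         src = ""; dpt = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^SRC=/) src = substr($i, 5)
           if ($i ~ /^DPT=/) dpt = substr($i, 5)
         }
         if (src != "" && dpt != "") drops[src " " dpt]++
       }
       END { for (k in drops) print drops[k], k }' | sort -k1,1nr -k2,2
}

# portflood_rule PORT VALUE: print "protocol hitcount seconds" for PORT from
# a PORTFLOOD value such as "21;tcp;5;300" (entries are comma separated).
portflood_rule() {
  printf '%s\n' "$2" | tr ',' '\n' |
    awk -F';' -v port="$1" '$1 == port { print $2, $3, $4 }'
}

sample_messages | port_flood_summary
portflood_rule 21 "21;tcp;20;300"
```

On the server, run it against the real log with `port_flood_summary < /var/log/messages` and compare the sources it lists with the FTP users' IP addresses.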
    
     
  18. Jon Snow

    I did not close & re-open the program after changing it but I did press OK.

    I have it set to 2 and it shows 2 but when I ran the command you mentioned from your post after I got disconnected by it, it was at 3. Weird. Why did it increase if all of my settings were set to 2?

    It's disconnecting me (and delaying me until next reconnect) after I upload a couple of files from xenForo's largest folder.
    Yeah the IP is listed there.

    So my only option is increasing the 21;tcp;20;300 limit, right?
     
  19. pamamolf

    I almost always had that issue too. Nice to have the value of 20 as default!!!!