On Fri, Dec 08, 2006 at 04:53:02PM +0300, Roman Gorohov. wrote:
> Hello, Gergely.
>
> > try to use pftpx instead of ftp-proxy, it's available from ports.
> >
> > Bye,
> > Gergely Czuczy
>
> I tried switching to pftpx and got the same result.
> Last messages:
> Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70
> Dec 7 17:02:47 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70
> Dec 7 17:02:55 fw-spb pftpx[7306]: #296 proxy cannot connect to server
> 10.10.1.70: Operation not permitted
> Dec 7 17:03:03 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70
> Dec 7 17:03:15 fw-spb last message repeated 2 times
> Then it hung.
>
> Address 10.10.1.70 is the server itself, so I don't understand what's going on...
> I started to think that there is some loop in the pf rules, this would
> nicely explain why there aren't any messages at the console. But I can't
> see any.
> This is everything referencing ftp in my pf.conf:
> rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> pass out on $ext_if inet proto tcp from $ext_if to any port 21 flags S/AUPRFS
> modulate state
> pass in on $ext_if proto tcp from any to any port 21 keep state

if you paste a ruleset please also resolve all of the macros and include the
interface definitions also. we don't even know what addresses your $int_if
is having, where you receive your ftp connections from, and what
configuration you are using for pftpx

>
> Any suggestions?

man pftpx, check the parameters. think of these while doing that:

> Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70
> Dec 7 17:02:47 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70
> Dec 7 17:03:03 fw-spb pftpx[7306]: client limit (100) reached, refusing
> connection from 10.10.1.70

and for this, check your pf ruleset. if the sending of the packet is
disabled by a local pf rule, you might get that error message

> Dec 7 17:02:55 fw-spb pftpx[7306]: #296 proxy cannot connect to server
> 10.10.1.70: Operation not permitted

as a general good hint i'd suggest reading google://how+to+ask for you. it's
not a joke, it's a serious suggestion.

> Regards, Roman.
>

Bye,

Gergely Czuczy
mailto: [EMAIL PROTECTED]

--
Weenies test. Geniuses solve problems that arise.