sles 10 and frox - command list timeout

hello everyone,

before i start bugging novell support with our problem, i hope for a solution from the community.

the past:
suse 9.2 with frox worked without any issues

what happened:
the server system was a bit old, and keeping it up to date with manual patches wasn't worth the time anymore.

because we wanted something like "install it and get updates from your supplier", we switched to sles 10.
i killed the old installation and installed sles with all the default services we need.
frox was taken from http://download.opensuse.org/repositories/server:/proxy/SLE_10/src/frox-0.7.18-8.5.src.rpm (rpmbuild). there are no new settings in the new default frox.conf, so i moved the "old" one over the new one (i've tested the new one first too).

rcfrox start

great! no errors, why can't everything work like that?

but then i tried my first connection, and … error.
on the first login to an ftp server, i got a timeout on "Command: LIST". i get this error with every ftp server, anonymous or user based doesn't matter.

little network overview:

intranet (inside) -> firewall 1 -> sles10/frox/firewall (dmz) -> firewall 2 -> internet (outside)

very basic overview of firewall rules:
firewall 1 allows any access from the inside to the dmz, but blocks access from the dmz to the inside.
firewall 2 allows any access from the dmz to the outside, but blocks access from the outside to the inside.

frox.conf: (it's the default, we secure via fw)

Port 2121
User nobody
Group nogroup
WorkingDir /var/lib/frox
DontChroot No
LogLevel 25
LogFile /var/log/frox-log
PidFile /var/run/frox.pid
APConv yes
BounceDefend yes
DoNTP yes
MaxForks 20
MaxForksPerHost 2
ACL Allow * - *

test connection to kernel.org:

frox log:

Wed Jan 28 15:56:14 2009 frox[5198] Connect from 172.x.x.x
Wed Jan 28 15:56:14 2009 frox[5198]   S: 220 Frox transparent ftp proxy. Login with username@host:port

Wed Jan 28 15:56:14 2009 frox[5198] NTP:  Host=ftp.all.kernel.org
Wed Jan 28 15:56:14 2009 frox[5198] NTP:  Port=21
Wed Jan 28 15:56:14 2009 frox[5198] ... to 149.20.20.133(ftp.all.kernel.org)
Wed Jan 28 15:56:15 2009 frox[5198] Connecting to server...
Wed Jan 28 15:56:15 2009 frox[5198]      OK
Wed Jan 28 15:56:15 2009 frox[5198] Apparent address = 213.x.x.x (host.domain.tld)
Wed Jan 28 15:56:15 2009 frox[5198] Real address = 149.20.20.133(pub1.kernel.org)
Wed Jan 28 15:56:15 2009 frox[5198] Proxy address = 149.20.20.133(pub1.kernel.org)
Wed Jan 28 15:56:15 2009 frox[5198]   C: USER anonymous

Wed Jan 28 15:56:16 2009 frox[5198]   S: 331 Please specify the password.

Wed Jan 28 15:56:16 2009 frox[5198]   C: PASS flashfxp-user@flashfxp.com

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-???    Welcome to the

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-???LINUX KERNEL ARCHIVES

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-???    ftp.kernel.org

-CUT (WELCOME BANNER)-

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-http://www.kernel.org/ for links to Linux documentation resources.

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230-

Wed Jan 28 15:56:16 2009 frox[5198]   S: 230 Login successful.

Wed Jan 28 15:56:16 2009 frox[5198]   C: SYST

Wed Jan 28 15:56:16 2009 frox[5198]   S: 215 UNIX Type: L8

Wed Jan 28 15:56:16 2009 frox[5198] Command FEAT not implemented
Wed Jan 28 15:56:16 2009 frox[5198]   S: 502 Command not implemented.


Wed Jan 28 15:56:16 2009 frox[5198]   C: REST 100

Wed Jan 28 15:56:16 2009 frox[5198]   S: 350 Restart position accepted (100).

Wed Jan 28 15:56:16 2009 frox[5198]   C: REST 0

Wed Jan 28 15:56:16 2009 frox[5198]   S: 350 Restart position accepted (0).

Wed Jan 28 15:56:16 2009 frox[5198]   C: CWD /

Wed Jan 28 15:56:17 2009 frox[5198]   S: 250 Directory successfully changed.

Wed Jan 28 15:56:17 2009 frox[5198] Strictpath = "%2f/"
Wed Jan 28 15:56:17 2009 frox[5198]   C: PWD

Wed Jan 28 15:56:17 2009 frox[5198]   S: 257 "/"

Wed Jan 28 15:56:17 2009 frox[5198]   C: TYPE A

Wed Jan 28 15:56:17 2009 frox[5198]   S: 200 Switching to ASCII mode.

Wed Jan 28 15:56:17 2009 frox[5198]   Intercepted a PASV command
Wed Jan 28 15:56:17 2009 frox[5198]   C: PASV

Wed Jan 28 15:56:17 2009 frox[5198]   Rewritten 227 reply:
Wed Jan 28 15:56:17 2009 frox[5198]   S: 227 Entering Passive Mode (213,x,x,x,169,48)

Wed Jan 28 15:56:38 2009 frox[5198]   Intercepted a PASV command
Wed Jan 28 15:56:38 2009 frox[5198]   C: PASV

Wed Jan 28 15:56:38 2009 frox[5198]   Rewritten 227 reply:
Wed Jan 28 15:56:38 2009 frox[5198]   S: 227 Entering Passive Mode (213,x,x,x,164,177)

Wed Jan 28 16:01:38 2009 frox[5198] Connection timed out.
Wed Jan 28 16:01:38 2009 frox[5198] Closing session

flashfxp log:

WinSock 2.0 -- OpenSSL 0.9.8i 15 Sep 2008
[R] Connecting to ftp.all.kernel.org via Proxy -> IP=host.domain.tld PORT=2121
[R] Connected to ftp.all.kernel.org via Proxy
[R] 220 Frox transparent ftp proxy. Login with username@host:port
[R] USER anonymous@ftp.all.kernel.org
[R] 331 Please specify the password.
[R] PASS (hidden)
[R] 230-???    Welcome to the
[R] 230-
[R] 230-???LINUX KERNEL ARCHIVES
[R] 230-???    ftp.kernel.org

-CUT (WELCOME BANNER)-

[R] 230-http://www.kernel.org/ for links to Linux documentation resources.
[R] 230-
[R] 230 Login successful.
[R] SYST
[R] 215 UNIX Type: L8
[R] FEAT
[R] 502 Command not implemented.
[R] REST 100
[R] 350 Restart position accepted (100).
[R] REST 0
[R] 350 Restart position accepted (0).
[R] PWD
[R] 257 "/"
[R] TYPE A
[R] 200 Switching to ASCII mode.
[R] PASV
[R] 227 Entering Passive Mode (213,x,x,x,160,234)
[R] Opening data connection IP: 213.x.x.x PORT: 41194
[R] Data Socket Error: Connection timed out
[R] List Error
[R] PASV
[R] 227 Entering Passive Mode (213,x,x,x,183,1)
[R] Opening data connection IP: 213.x.x.x PORT: 46849
[R] Data Socket Error: Connection timed out
[R] List Error
[R] QUIT
[R] 221 Goodbye.
[R] Logged off: ftp.all.kernel.org

short snort log from a different connection, captured on the ftp-hosting side:

01/28-16:03:06.240778 213.x.x.x:48198 -> 217.x.x.x:21 TCP TTL:54 TOS:0x0 ID:16685 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA270DC5D  Ack: 0x1A77C94  Win: 0x6C0  TcpLen: 32 TCP Options (3) => NOP NOP TS: 349004366 1695749

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/28-16:03:07.570196 213.x.x.x:48198 -> 217.x.x.x:21 TCP TTL:54 TOS:0x0 ID:16686 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0xA270DC5D  Ack: 0x1A77C94  Win: 0x6C0  TcpLen: 32 TCP Options (3) => NOP NOP TS: 349004674 1695749 PASV..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/28-16:03:07.693302 217.x.x.x:21 -> 213.x.x.x:48198 TCP TTL:127 TOS:0x0 ID:3347 IpLen:20 DgmLen:102 DF
***AP*** Seq: 0x1A77C94  Ack: 0xA270DC63  Win: 0xFA6D  TcpLen: 32 TCP Options (3) => NOP NOP TS: 1695764 349004674
227 Entering Passive Mode (217,7,152,119,5,207)...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/28-16:03:07.762091 213.x.x.x:48198 -> 217.x.x.x:21 TCP TTL:54 TOS:0x0 ID:16687 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA270DC63  Ack: 0x1A77CC6  Win: 0x6C0  TcpLen: 32 TCP Options (3) => NOP NOP TS: 349004747 1695764

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/28-16:03:43.732813 213.x.x.x:45547 -> 217.x.x.x:21 TCP TTL:54 TOS:0x0 ID:61868 IpLen:20 DgmLen:52 DF 
***A***F Seq: 0x78664E5E  Ack: 0x577D64A4  Win: 0x6C0  TcpLen: 32 TCP Options (3) => NOP NOP TS: 349013738 1694844

i'm running out of ideas, because everything worked fine with 9.2. it's even the same hardware and the same ip as the old system.

kind regards
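As an added illustration (not part of the original post and not frox's own code), the script below parses the 227 replies quoted in the frox, flashfxp and snort logs above and derives the address and data port the client actually dials next, which is the endpoint on which every "Data Socket Error: Connection timed out" occurs. It also includes a simple same-host check in the spirit of frox's BounceDefend setting; the sample lines are copied from the post's logs, with the masked x octets kept as they appear there.

```python
import re

# Sample input taken from the logs quoted in the post (the x octets are the
# poster's own masking and are kept verbatim).
SAMPLE_LINES = [
    "Wed Jan 28 15:56:17 2009 frox[5198]   S: 227 Entering Passive Mode (213,x,x,x,169,48)",
    "Wed Jan 28 15:56:38 2009 frox[5198]   S: 227 Entering Passive Mode (213,x,x,x,164,177)",
    "[R] 227 Entering Passive Mode (213,x,x,x,160,234)",
    "[R] 227 Entering Passive Mode (213,x,x,x,183,1)",
    "227 Entering Passive Mode (217,7,152,119,5,207)...",
]

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"; the data port is p1*256+p2.
PASV_RE = re.compile(r"227[^(]*\(([^)]*)\)")


def parse_pasv_reply(line):
    """Return (host, port) the client will dial for a 227 reply, else None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(",")]
    if len(fields) != 6:
        return None
    host = ".".join(fields[:4])
    try:
        p1, p2 = int(fields[4]), int(fields[5])
    except ValueError:
        return None
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        return None
    return host, p1 * 256 + p2


def bounce_check(line, control_peer):
    """Same-host rule of the kind BounceDefend enforces (this is the example's own
    logic, not frox's): the data endpoint must be the host the control
    connection already talks to, otherwise the reply would redirect the client."""
    ep = parse_pasv_reply(line)
    return ep is not None and ep[0] == control_peer


def data_endpoints(lines):
    """All (host, port) pairs a client would open for the given log lines."""
    return [ep for ep in (parse_pasv_reply(l) for l in lines) if ep]


def port_span(lines, host):
    """(lowest, highest) data port handed out for one host; useful to see which
    high-port range a host firewall must accept for the proxy's rewritten replies."""
    ports = [p for h, p in data_endpoints(lines) if h == host]
    return (min(ports), max(ports)) if ports else None
```

The two flashfxp lines resolve to ports 41194 and 46849, exactly the values flashfxp prints in its "Opening data connection" lines, confirming that the client dials the proxy's rewritten endpoint and not the real server.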