New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect (failed directory listing) #158
Comments
Can you provide all the logs that you can, for both successful and failing directory listings? I'm hoping to see what might be different between the success and failure cases... |
Hi, thanks for your time. logs attached: |
Thanks for those. Nothing standing out just yet. So, to get more data, would you mind adding more to your
And then provide the logs for a successful, and failed, directory listing? Hopefully the increased logging will provide more clues. |
Hi, hope these will help. |
…C1918 fallback case, by using the session pool's longer lifetime.
Thanks for those; they do help. In the not-working case, we see the "425 MLSD: Invalid argument" error response -- which can only come from here, based on the rest of the logs provided. And that, in turn, means that the Looking at that function, we see that the only way the Based on this, I'm guessing that this PR might help? I'll work on trying to reproduce this exact scenario locally, but in the meantime, wanted to see if you, too, could test out the patch/PR, and see if it helps. |
…C1918 fallback case, by using the session pool's longer lifetime.
…-issue158 Issue #158: Attempt to address the reported `EINVAL` error, in the RF…
Hello, sorry for delay. We had tested your commit, but have same issues. |
BUMP |
@driici If I cannot reproduce the issue locally, then I cannot easily address/fix this. Barring that, I need something that reliably shows this error, in order to fix it. |
…t the remote port in the replacement address.
I've encountered a similar issue (and spent a few hours debugging). In my case the EINVAL was coming from the linux connect call (all the way from here). Doing strace on the running binary gives this: Setting the |
@aljasPOD thanks for digging into this! This reminds me of some logging changes I recently did for Issue #213, namely to try to add logging hints in cases where |
…a transfers in various situations. We have the following independent axes to attempt to handle, automatically if we can: * active _vs_ passive FTP data transfers * public _vs_ private IP addresses * IPv4 _vs_ IPv6 addresses And in some cases, all we can do is log a message indicating that the admin needs to explicitly configure an appropriate `ProxySourceAddress` for `mod_proxy` to use.
…ssue158 Issue #158: Adding more regression test coverage for proxying FTP dat…
@driici Would you be able to test the latest |
@driici Actually, in looking back through your logs with fresh eyes, I think the issue you encountered is different than that of @aljasPOD. The recent commits should make the behavior work for @aljasPOD -- but not for @driici. Here's what I see, for @driici 's nonworking use case:
In the working use case, the one thing that is different is that the frontend client's I'll try to confirm the above hypothesis by reproducing the above behaviors locally. |
…proxy` properly implements the `AllowForeignAddress` checks, and rejects `PORT`, `EPRT` commands with foreign addresses.
I've confirmed that I'd thus like to close this ticket, and we'll use new tickets for any more issues that arise. Sound good? |
…in the RFC1918 fallback case, by using the session pool's longer lifetime.
…operly set the remote port in the replacement address.
…g FTP data transfers in various situations. We have the following independent axes to attempt to handle, automatically if we can: * active _vs_ passive FTP data transfers * public _vs_ private IP addresses * IPv4 _vs_ IPv6 addresses And in some cases, all we can do is log a message indicating that the admin needs to explicitly configure an appropriate `ProxySourceAddress` for `mod_proxy` to use.
…hat `mod_proxy` properly implements the `AllowForeignAddress` checks, and rejects `PORT`, `EPRT` commands with foreign addresses.
Hello
I have compiled latest proftpd with latest (but tried some older vesions of both) mod_proxy on debian 10 and having issues with connections
proftpd -V: https://pastebin.com/YwpkNXJU
proftpd.conf: https://pastebin.com/EQ3yKpv4 (redacted password backend connection string)
I have also another instance of proftpd with mod_proxy on older machine (debian 8) and it works flawlessly - firewall config is same, proftpd config is same also.
Strange thing is that some connections are done OK, some fails after directory listing (MLSD or LIST command). Backend connection succeeded according logs.
When listing fails, I was able to find some information from log, but not sure if they're relevant:
Is there any more informations I should provide? Thanks
The text was updated successfully, but these errors were encountered: