Incompatible FTP?

TCH, 22nd July 2022 (#1)

If I connect via FTP to my OpenBSD server, then the following clients do the following:
- Linux's own FTP client: works perfectly.
- Total Commander via WINE: works perfectly.
- Krusader: connects, but displays nothing but the parent dir (except if I am in "/", so it actually knows where it is), navigation is possible by writing the path directly to the address bar.
- CurlFtpFS: connects, but only shows one dir with a locked file called "such file or directory". Yes, without the "no".

How is this possible? Is OpenBSD's FTP server working in some kind of "alternate" mode, which is not interpretable for Krusader and CurlFtpFS? Or do Krusader and CurlFtpFS simply have bad FTP client implementations?

jggimi, 22nd July 2022 (#2)

FTP has two modes of operation. Active, or Passive. Because OpenBSD's client uses passive by default, I can make the guess that your network configuration is blocking the data connection for FTP clients requesting the active mode.

From the PF User's Guide chapter, "Issues with FTP," highlights mine:
Quote:
FTP can be used in one of two ways: passive or active. Generally, the choice of active or passive is made to determine who has the problem with firewalling.

With active FTP, when a user connects to a remote FTP server and requests information or a file, the FTP server makes a new connection back to the client to transfer the requested data. This is called the data connection. To start, the FTP client chooses a random port to receive the data connection. The client sends the port number it chose to the FTP server and listens for an incoming connection on that port. The FTP server then initiates a connection to the client's address at the chosen port and transfers the data. This is a problem for users attempting to gain access to FTP servers from behind a NAT gateway. Because of how NAT works, the FTP server initiates the data connection by connecting to the external address of the NAT gateway on the chosen port. The NAT machine will receive this, but, because it has no mapping for the packet in its state table, it will drop the packet and won't deliver it to the client.

With passive mode FTP (the default mode with OpenBSD's ftp(1) client), the client requests that the server pick a random port to listen on for the data connection. The server informs the client of the port it has chosen, and the client connects to this port to transfer the data. Unfortunately, this is not always possible or desirable because of the possibility of a firewall in front of the FTP server blocking the incoming data connection. To force active mode FTP, use the -A flag to ftp, or set passive mode to "off" by issuing the command "passive off" at the "ftp>" prompt.

Last edited by jggimi; 22nd July 2022 at 08:52 PM. Reason: permit was the wrong word. blocking is a better term.

TCH, 25th July 2022 (#3)

The manual of CurlFtpFS says that to connect in active mode, I have to specify: "-o ftp_port=-". I did that from the start. And it made no difference whether I did or not. And in Total Commander it worked both with passive mode checked and without.

jggimi, 25th July 2022 (#4)

You are going to have to do some analysis of the FTP traffic to/from your server, so that you can identify where the breakdown is occurring. Use tcpdump(8) and compare the traffic of a working session to traffic of a failing session. In that way you may be able to isolate the differences.

If you like to learn from books, I can recommend Networking for Systems Administrators by Michael W. Lucas: https://mwl.io/nonfiction/networking#n4sa

---

One way to circumvent your FTP problem is to use a better file transfer protocol, one designed for -- and during -- a more modern era of computing. But, you already knew that.

TCH, 25th July 2022 (#5)

I did the analysis, I've compared Total Commander to Krusader and CurlFtpFS. All in passive mode. (And I added some empty lines to the logs, to space out the differences and to put the corresponding pieces on the same lines.)

Total Commander and CurlFtpFS do it in ASCII mode, while Krusader does it in binary mode. Only TC works. And only TC does not give any argument to the LIST command.

Total Commander (working):
Code:
20:23:08.267810 IP 192.168.10.100.41098 > myserver.ftp: Flags [S], seq 688640527, win 29200, options [mss 1460,sackOK,TS val 5704690 ecr 0,nop,wscale 7], length 0
20:23:08.268001 IP myserver.ftp > 192.168.10.100.41098: Flags [S.], seq 1175158638, ack 688640528, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 2018173719 ecr 5704690], length 0
20:23:08.268037 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 1, win 229, options [nop,nop,TS val 5704690 ecr 2018173719], length 0
20:23:08.268208 IP 192.168.10.100.44080 > 192.168.10.10.domain: 18616+ PTR? 100.10.168.192.in-addr.arpa. (45)
20:23:08.271647 IP 192.168.10.10.domain > 192.168.10.100.44080: 18616 NXDomain 0/1/0 (122)
20:23:08.271883 IP 192.168.10.100.47030 > 192.168.10.10.domain: 19080+ PTR? 10.10.168.192.in-addr.arpa. (44)
20:23:08.274682 IP 192.168.10.10.domain > 192.168.10.100.47030: 19080 NXDomain 0/1/0 (121)
20:23:08.338526 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 1:31, ack 1, win 271, options [nop,nop,TS val 2018173719 ecr 5704690], length 30: FTP: 220 myserver FTP server ready.
20:23:08.338565 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 31, win 229, options [nop,nop,TS val 5704707 ecr 2018173719], length 0
20:23:08.347315 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 1:12, ack 31, win 229, options [nop,nop,TS val 5704709 ecr 2018173719], length 11: FTP: USER root
20:23:08.350990 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 31:64, ack 12, win 271, options [nop,nop,TS val 2018173719 ecr 5704709], length 33: FTP: 331 Password required for root.
20:23:08.353281 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 12:25, ack 64, win 229, options [nop,nop,TS val 5704711 ecr 2018173719], length 13: FTP: PASS *REMOVED*
20:23:08.460361 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 64:130, ack 25, win 271, options [nop,nop,TS val 2018173719 ecr 5704711], length 66: FTP: 230- OpenBSD 7.1 (GENERIC.MP) #465: Mon Apr 11 18:03:57 MDT 2022
20:23:08.503648 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 130, win 229, options [nop,nop,TS val 5704749 ecr 2018173719], length 0
20:23:08.504009 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 130:594, ack 25, win 271, options [nop,nop,TS val 2018173719 ecr 5704749], length 464: FTP: 230-
20:23:08.504024 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 594, win 237, options [nop,nop,TS val 5704749 ecr 2018173719], length 0
20:23:08.506845 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 25:31, ack 594, win 237, options [nop,nop,TS val 5704749 ecr 2018173719], length 6: FTP: SYST
20:23:08.507133 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 594:613, ack 31, win 271, options [nop,nop,TS val 2018173719 ecr 5704749], length 19: FTP: 215 UNIX Type: L8
20:23:08.511905 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 31:37, ack 613, win 237, options [nop,nop,TS val 5704751 ecr 2018173719], length 6: FTP: FEAT
20:23:08.512148 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 613:650, ack 37, win 271, options [nop,nop,TS val 2018173719 ecr 5704751], length 37: FTP: 500 'FEAT': command not understood.
20:23:08.514333 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 37:48, ack 650, win 237, options [nop,nop,TS val 5704751 ecr 2018173719], length 11: FTP: HELP SITE
20:23:08.514757 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 650:723, ack 48, win 271, options [nop,nop,TS val 2018173719 ecr 5704751], length 73: FTP: 214- The following SITE commands are recognized (* =>'s unimplemented).
20:23:08.555666 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 723, win 237, options [nop,nop,TS val 5704762 ecr 2018173719], length 0
20:23:08.555931 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 723:798, ack 48, win 271, options [nop,nop,TS val 2018173720 ecr 5704762], length 75: FTP:    UMASK   IDLE    CHMOD   HELP
20:23:08.555955 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 798, win 237, options [nop,nop,TS val 5704762 ecr 2018173720], length 0
20:23:08.777298 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 48:78, ack 798, win 237, options [nop,nop,TS val 5704817 ecr 2018173720], length 30: FTP: CLNT Total Commander (UTF-8)
20:23:08.777628 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 798:859, ack 78, win 271, options [nop,nop,TS val 2018173720 ecr 5704817], length 61: FTP: 500 'CLNT Total Commander (UTF-8)': command not understood.
20:23:08.777650 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 859, win 237, options [nop,nop,TS val 5704817 ecr 2018173720], length 0
20:23:08.780364 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 78:92, ack 859, win 237, options [nop,nop,TS val 5704818 ecr 2018173720], length 14: FTP: OPTS UTF8 ON
20:23:08.780594 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 859:904, ack 92, win 271, options [nop,nop,TS val 2018173720 ecr 5704818], length 45: FTP: 500 'OPTS UTF8 ON': command not understood.
20:23:08.793421 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 92:97, ack 904, win 237, options [nop,nop,TS val 5704821 ecr 2018173720], length 5: FTP: PWD
20:23:08.793664 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 904:939, ack 97, win 271, options [nop,nop,TS val 2018173720 ecr 5704821], length 35: FTP: 257 "/root" is current directory.
20:23:08.835633 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 939, win 237, options [nop,nop,TS val 5704832 ecr 2018173720], length 0







20:23:08.886400 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 97:105, ack 939, win 237, options [nop,nop,TS val 5704844 ecr 2018173720], length 8: FTP: TYPE A
20:23:08.886633 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 939:959, ack 105, win 271, options [nop,nop,TS val 2018173720 ecr 5704844], length 20: FTP: 200 Type set to A.
20:23:08.886658 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 959, win 237, options [nop,nop,TS val 5704844 ecr 2018173720], length 0
20:23:08.892749 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 105:111, ack 959, win 237, options [nop,nop,TS val 5704846 ecr 2018173720], length 6: FTP: PASV
20:23:08.893025 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 959:1010, ack 111, win 271, options [nop,nop,TS val 2018173720 ecr 5704846], length 51: FTP: 227 Entering Passive Mode (192,168,10,68,246,229)
20:23:08.899637 IP 192.168.10.100.60338 > myserver.63205: Flags [S], seq 3712024682, win 29200, options [mss 1460,sackOK,TS val 5704848 ecr 0,nop,wscale 7], length 0
20:23:08.899812 IP myserver.63205 > 192.168.10.100.60338: Flags [S.], seq 1939337618, ack 3712024683, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 1165710720 ecr 5704848], length 0
20:23:08.899833 IP 192.168.10.100.60338 > myserver.63205: Flags [.], ack 1, win 229, options [nop,nop,TS val 5704848 ecr 1165710720], length 0
20:23:08.905097 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 111:117, ack 1010, win 237, options [nop,nop,TS val 5704849 ecr 2018173720], length 6: FTP: LIST
20:23:08.905844 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 1010:1059, ack 117, win 271, options [nop,nop,TS val 2018173720 ecr 5704849], length 49: FTP: 150 Opening ASCII mode data connection for '.'.
20:23:08.907213 IP myserver.63205 > 192.168.10.100.60338: Flags [P.], seq 1:543, ack 1, win 271, options [nop,nop,TS val 1165710720 ecr 5704848], length 542
20:23:08.907241 IP 192.168.10.100.60338 > myserver.63205: Flags [.], ack 543, win 237, options [nop,nop,TS val 5704849 ecr 1165710720], length 0
20:23:08.907249 IP myserver.63205 > 192.168.10.100.60338: Flags [F.], seq 543, ack 1, win 271, options [nop,nop,TS val 1165710720 ecr 5704848], length 0
20:23:08.913713 IP 192.168.10.100.60338 > myserver.63205: Flags [F.], seq 1, ack 544, win 237, options [nop,nop,TS val 5704851 ecr 1165710720], length 0
20:23:08.913884 IP myserver.63205 > 192.168.10.100.60338: Flags [.], ack 2, win 271, options [nop,nop,TS val 1165710720 ecr 5704851], length 0
20:23:08.947645 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 1059, win 237, options [nop,nop,TS val 5704860 ecr 2018173720], length 0
20:23:08.947824 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 1059:1083, ack 117, win 271, options [nop,nop,TS val 2018173720 ecr 5704860], length 24: FTP: 226 Transfer complete.
20:23:08.947849 IP 192.168.10.100.41098 > myserver.ftp: Flags [.], ack 1083, win 237, options [nop,nop,TS val 5704860 ecr 2018173720], length 0
20:23:10.255999 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 117:123, ack 1083, win 237, options [nop,nop,TS val 5705187 ecr 2018173720], length 6: FTP: QUIT
20:23:10.256251 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 1083:1097, ack 123, win 271, options [nop,nop,TS val 2018173723 ecr 5705187], length 14: FTP: 221 Goodbye.
Krusader (not working):
Code:
20:20:58.699552 IP 192.168.10.100.41086 > myserver.ftp: Flags [S], seq 1901922327, win 29200, options [mss 1460,sackOK,TS val 5672297 ecr 0,nop,wscale 7], length 0
20:20:58.699760 IP myserver.ftp > 192.168.10.100.41086: Flags [S.], seq 3517035833, ack 1901922328, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 1271958983 ecr 5672297], length 0
20:20:58.699805 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 1, win 229, options [nop,nop,TS val 5672298 ecr 1271958983], length 0
20:20:58.700058 IP 192.168.10.100.49668 > 192.168.10.10.domain: 51013+ PTR? 100.10.168.192.in-addr.arpa. (45)
20:20:58.703173 IP 192.168.10.10.domain > 192.168.10.100.49668: 51013 NXDomain 0/1/0 (122)
20:20:58.703426 IP 192.168.10.100.35187 > 192.168.10.10.domain: 20003+ PTR? 10.10.168.192.in-addr.arpa. (44)
20:20:58.706131 IP 192.168.10.10.domain > 192.168.10.100.35187: 20003 NXDomain 0/1/0 (121)
20:20:58.795863 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 1:31, ack 1, win 271, options [nop,nop,TS val 1271958983 ecr 5672298], length 30: FTP: 220 myserver FTP server ready.
20:20:58.795971 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 31, win 229, options [nop,nop,TS val 5672322 ecr 1271958983], length 0
20:20:58.796088 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 1:12, ack 31, win 229, options [nop,nop,TS val 5672322 ecr 1271958983], length 11: FTP: USER root
20:20:58.800411 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 31:64, ack 12, win 271, options [nop,nop,TS val 1271958983 ecr 5672322], length 33: FTP: 331 Password required for root.
20:20:58.800549 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 12:25, ack 64, win 229, options [nop,nop,TS val 5672323 ecr 1271958983], length 13: FTP: pass *REMOVED*
20:20:58.907455 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 64:130, ack 25, win 271, options [nop,nop,TS val 1271958983 ecr 5672323], length 66: FTP: 230- OpenBSD 7.1 (GENERIC.MP) #465: Mon Apr 11 18:03:57 MDT 2022
20:20:58.947690 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 130, win 229, options [nop,nop,TS val 5672360 ecr 1271958983], length 0
20:20:58.948048 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 130:594, ack 25, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 464: FTP: 230-
20:20:58.948089 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 594, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 0
20:20:58.949190 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 25:31, ack 594, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 6: FTP: SYST
20:20:58.949477 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 594:613, ack 31, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 19: FTP: 215 UNIX Type: L8












20:20:58.949523 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 31:36, ack 613, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 5: FTP: PWD
20:20:58.949686 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 613:648, ack 36, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 35: FTP: 257 "/root" is current directory.








20:20:58.950225 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 36:44, ack 648, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 8: FTP: TYPE I
20:20:58.950495 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 648:668, ack 44, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 20: FTP: 200 Type set to I.

20:20:58.950544 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 44:50, ack 668, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 6: FTP: PASV
20:20:58.950711 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 668:719, ack 50, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 51: FTP: 227 Entering Passive Mode (192,168,10,68,235,168)
20:20:58.950909 IP 192.168.10.100.45732 > myserver.60328: Flags [S], seq 3796357930, win 29200, options [mss 1460,sackOK,TS val 5672360 ecr 0,nop,wscale 7], length 0
20:20:58.951035 IP myserver.60328 > 192.168.10.100.45732: Flags [S.], seq 2396962648, ack 3796357931, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 2393920422 ecr 5672360], length 0
20:20:58.951057 IP 192.168.10.100.45732 > myserver.60328: Flags [.], ack 1, win 229, options [nop,nop,TS val 5672360 ecr 2393920422], length 0
20:20:58.951099 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 50:60, ack 719, win 237, options [nop,nop,TS val 5672360 ecr 1271958983], length 10: FTP: list -la
20:20:58.951853 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 719:771, ack 60, win 271, options [nop,nop,TS val 1271958983 ecr 5672360], length 52: FTP: 150 Opening BINARY mode data connection for '-la'.
20:20:58.952419 IP myserver.60328 > 192.168.10.100.45732: Flags [P.], seq 1:38, ack 1, win 271, options [nop,nop,TS val 2393920422 ecr 5672360], length 37
20:20:58.952464 IP 192.168.10.100.45732 > myserver.60328: Flags [.], ack 38, win 229, options [nop,nop,TS val 5672361 ecr 2393920422], length 0
20:20:58.952546 IP myserver.60328 > 192.168.10.100.45732: Flags [F.], seq 38, ack 1, win 271, options [nop,nop,TS val 2393920422 ecr 5672360], length 0
20:20:58.952620 IP 192.168.10.100.45732 > myserver.60328: Flags [F.], seq 1, ack 39, win 229, options [nop,nop,TS val 5672361 ecr 2393920422], length 0
20:20:58.952740 IP myserver.60328 > 192.168.10.100.45732: Flags [.], ack 2, win 271, options [nop,nop,TS val 2393920422 ecr 5672361], length 0
20:20:58.999696 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 771, win 237, options [nop,nop,TS val 5672373 ecr 1271958983], length 0
20:20:58.999864 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 771:795, ack 60, win 271, options [nop,nop,TS val 1271958983 ecr 5672373], length 24: FTP: 226 Transfer complete.
20:20:58.999905 IP 192.168.10.100.41086 > myserver.ftp: Flags [.], ack 795, win 237, options [nop,nop,TS val 5672373 ecr 1271958983], length 0
20:21:03.895880 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 60:66, ack 795, win 237, options [nop,nop,TS val 5673597 ecr 1271958983], length 6: FTP: quit
20:21:03.896144 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 795:809, ack 66, win 271, options [nop,nop,TS val 1271958993 ecr 5673597], length 14: FTP: 221 Goodbye.
CurlFtpFS (not working):
Code:
20:49:46.462052 IP 192.168.10.100.41136 > myserver.ftp: Flags [S], seq 1345366057, win 29200, options [mss 1460,sackOK,TS val 6104238 ecr 0,nop,wscale 7], length 0
20:49:46.462263 IP myserver.ftp > 192.168.10.100.41136: Flags [S.], seq 956461952, ack 1345366058, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 590535072 ecr 6104238], length 0
20:49:46.462307 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 1, win 229, options [nop,nop,TS val 6104238 ecr 590535072], length 0
20:49:46.462340 IP 192.168.10.100.47258 > 192.168.10.10.domain: 18218+ PTR? 100.10.168.192.in-addr.arpa. (45)
20:49:46.465532 IP 192.168.10.10.domain > 192.168.10.100.47258: 18218 NXDomain 0/1/0 (122)
20:49:46.465865 IP 192.168.10.100.55550 > 192.168.10.10.domain: 26465+ PTR? 10.10.168.192.in-addr.arpa. (44)
20:49:46.468439 IP 192.168.10.10.domain > 192.168.10.100.55550: 26465 NXDomain 0/1/0 (121)
20:49:46.543862 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 1:31, ack 1, win 271, options [nop,nop,TS val 590535072 ecr 6104238], length 30: FTP: 220 myserver FTP server ready.
20:49:46.543908 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 31, win 229, options [nop,nop,TS val 6104259 ecr 590535072], length 0
20:49:46.544008 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 1:12, ack 31, win 229, options [nop,nop,TS val 6104259 ecr 590535072], length 11: FTP: USER root
20:49:46.548336 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 31:64, ack 12, win 271, options [nop,nop,TS val 590535072 ecr 6104259], length 33: FTP: 331 Password required for root.
20:49:46.548481 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 12:25, ack 64, win 229, options [nop,nop,TS val 6104260 ecr 590535072], length 13: FTP: PASS *REMOVED*
20:49:46.655352 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 64:130, ack 25, win 271, options [nop,nop,TS val 590535073 ecr 6104260], length 66: FTP: 230- OpenBSD 7.1 (GENERIC.MP) #465: Mon Apr 11 18:03:57 MDT 2022
20:49:46.695700 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 130, win 229, options [nop,nop,TS val 6104297 ecr 590535073], length 0
20:49:46.696070 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 130:594, ack 25, win 271, options [nop,nop,TS val 590535073 ecr 6104297], length 464: FTP: 230-
20:49:46.696097 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 594, win 237, options [nop,nop,TS val 6104297 ecr 590535073], length 0














20:49:46.696215 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 25:30, ack 594, win 237, options [nop,nop,TS val 6104297 ecr 590535073], length 5: FTP: PWD
20:49:46.696465 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 594:629, ack 30, win 271, options [nop,nop,TS val 590535073 ecr 6104297], length 35: FTP: 257 "/root" is current directory.
20:49:46.739691 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 629, win 237, options [nop,nop,TS val 6104308 ecr 590535073], length 0
20:49:46.868288 ec:43:f6:6f:12:fa (oui Unknown) > Broadcast, RRCP-0x23 reply
20:49:47.028797 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 30:36, ack 629, win 237, options [nop,nop,TS val 6104380 ecr 590535073], length 6: FTP: PASV
20:49:47.029101 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 629:680, ack 36, win 271, options [nop,nop,TS val 590535073 ecr 6104380], length 51: FTP: 227 Entering Passive Mode (192,168,10,68,207,143)
20:49:47.029133 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 680, win 237, options [nop,nop,TS val 6104380 ecr 590535073], length 0
20:49:47.029229 IP 192.168.10.100.60636 > myserver.53135: Flags [S], seq 1413137606, win 29200, options [mss 1460,sackOK,TS val 6104380 ecr 0,nop,wscale 7], length 0
20:49:47.029367 IP myserver.53135 > 192.168.10.100.60636: Flags [S.], seq 3673858856, ack 1413137607, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,TS val 197665400 ecr 6104380], length 0
20:49:47.029405 IP 192.168.10.100.60636 > myserver.53135: Flags [.], ack 1, win 229, options [nop,nop,TS val 6104380 ecr 197665400], length 0
20:49:47.029514 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 36:44, ack 680, win 237, options [nop,nop,TS val 6104380 ecr 590535073], length 8: FTP: TYPE A
20:49:47.029693 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 680:700, ack 44, win 271, options [nop,nop,TS val 590535073 ecr 6104380], length 20: FTP: 200 Type set to A.






20:49:47.029745 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 44:53, ack 700, win 237, options [nop,nop,TS val 6104380 ecr 590535073], length 9: FTP: LIST -a
20:49:47.030426 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 700:750, ack 53, win 271, options [nop,nop,TS val 590535073 ecr 6104380], length 50: FTP: 150 Opening ASCII mode data connection for '-a'.
20:49:47.031195 IP myserver.53135 > 192.168.10.100.60636: Flags [P.], seq 1:38, ack 1, win 271, options [nop,nop,TS val 197665400 ecr 6104380], length 37
20:49:47.031238 IP 192.168.10.100.60636 > myserver.53135: Flags [.], ack 38, win 229, options [nop,nop,TS val 6104380 ecr 197665400], length 0
20:49:47.031246 IP myserver.53135 > 192.168.10.100.60636: Flags [F.], seq 38, ack 1, win 271, options [nop,nop,TS val 197665400 ecr 6104380], length 0
20:49:47.031350 IP 192.168.10.100.60636 > myserver.53135: Flags [F.], seq 1, ack 39, win 229, options [nop,nop,TS val 6104380 ecr 197665400], length 0
20:49:47.031471 IP myserver.53135 > 192.168.10.100.60636: Flags [.], ack 2, win 271, options [nop,nop,TS val 197665400 ecr 6104380], length 0
20:49:47.071713 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 750, win 237, options [nop,nop,TS val 6104391 ecr 590535073], length 0
20:49:47.071892 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 750:774, ack 53, win 271, options [nop,nop,TS val 590535073 ecr 6104391], length 24: FTP: 226 Transfer complete.
20:49:47.071906 IP 192.168.10.100.41136 > myserver.ftp: Flags [.], ack 774, win 237, options [nop,nop,TS val 6104391 ecr 590535073], length 0
20:49:48.664588 IP 192.168.10.100.41136 > myserver.ftp: Flags [P.], seq 53:59, ack 774, win 237, options [nop,nop,TS val 6104789 ecr 590535073], length 6: FTP: QUIT
20:49:48.664847 IP myserver.ftp > 192.168.10.100.41136: Flags [P.], seq 774:788, ack 59, win 271, options [nop,nop,TS val 590535077 ecr 6104789], length 14: FTP: 221 Goodbye.

Last edited by TCH; 25th July 2022 at 06:59 PM. Reason: Added CurlFtpFS, added remark about TC's LIST

J65nko, 25th July 2022 (#6)

You can use the -X option of tcpdump to print the ASCII contents of the packets. Maybe that will help finding out what is going on.

Keep in mind that the FTP protocol uses 2 channels. A command channel with destination port 21 for passive FTP. The actual data transfers are done in new separate channels, that are initiated and torn down for each data transfer.
See https://en.wikipedia.org/wiki/File_Transfer_Protocol
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

jggimi, 26th July 2022 (#7)

As J65nko noted, these logs are of the control connection and don't show the data connections. Both of the failing sessions seem to end prematurely after the identical packet 215 "success" sent by the server, which is a NAME message sent by the server, containing the OS name. The NAME will have been OPENBSD.


EDIT: Ignore my "analysis". My copy/paste into an editor was flawed.

Last edited by jggimi; 26th July 2022 at 11:48 AM.

jggimi, 26th July 2022 (#8)

OK, now that I have the complete logs, I can see that the successful session used a "LIST" command while the failing sessions used "list -la" and "LIST -a", respectively. These options to LIST violate RFC 959, and that may be why you've run into issues.

If you require those particular FTP clients, you might consider installing an FTP server that is less strict about following the protocol standard. I haven't ever tried pure-ftpd or vsftpd; these are available as packages.

Last edited by jggimi; 26th July 2022 at 12:14 PM. Reason: added vsftpd
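
An added example, not part of any post in this thread: a small Python parser for tcpdump text output that extracts the LIST command a client sent, decodes the PASV reply into the data port, and sums the bytes the server sent on that data connection. The function names are hypothetical, and the sample lines are abridged from the captures posted above (TCP window and options trimmed).

```python
import re

# tcpdump text line: "<time> IP <src> > <dst>: Flags [..], ..., length N[: FTP: <text>]"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\],.*? length (?P<len>\d+)"
    r"(?:: FTP: (?P<ftp>.*))?$"
)
# RFC 959 PASV reply: four address octets, then the port as two octets (high, low)
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
CONTROL_PORTS = {"ftp", "21"}  # tcpdump prints "ftp" unless it is run with -n


def port_of(endpoint):
    """Return the port part of tcpdump's 'host.port' notation."""
    return endpoint.rsplit(".", 1)[1]


def pasv_port(reply):
    """Decode the data port from a 227 reply, or return None for other replies."""
    m = PASV_RE.match(reply)
    if m is None:
        return None
    return int(m.group(5)) * 256 + int(m.group(6))


def summarize(capture):
    """Summarize one session: LIST argument, 150 reply, data port, listing size."""
    info = {"list_arg": None, "reply_150": None, "pasv_port": None, "data_bytes": 0}
    for raw in capture.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # DNS lookups, broadcasts and blank spacer lines
        src, dst, text = port_of(m["src"]), port_of(m["dst"]), m["ftp"]
        if text is not None and dst in CONTROL_PORTS:      # client command
            verb, _, arg = text.strip().partition(" ")
            if verb.upper() == "LIST":                     # verbs are case-insensitive
                info["list_arg"] = arg.strip()
        elif text is not None and src in CONTROL_PORTS:    # server reply
            port = pasv_port(text)
            if port is not None:
                info["pasv_port"] = port
            elif text.startswith("150 "):
                info["reply_150"] = text.strip()
        elif info["pasv_port"] is not None and src == str(info["pasv_port"]):
            info["data_bytes"] += int(m["len"])            # server -> client listing data
    return info


def arg_taken_as_path(info):
    """True when the server's 150 reply names the LIST argument as the path it opened."""
    arg, reply = info["list_arg"], info["reply_150"]
    return bool(arg) and reply is not None and f"for '{arg}'" in reply


# Sample input: abridged from the Total Commander capture in the thread
TOTAL_COMMANDER = """
20:23:08.892749 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 105:111, ack 959, length 6: FTP: PASV
20:23:08.893025 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 959:1010, ack 111, length 51: FTP: 227 Entering Passive Mode (192,168,10,68,246,229)
20:23:08.905097 IP 192.168.10.100.41098 > myserver.ftp: Flags [P.], seq 111:117, ack 1010, length 6: FTP: LIST
20:23:08.905844 IP myserver.ftp > 192.168.10.100.41098: Flags [P.], seq 1010:1059, ack 117, length 49: FTP: 150 Opening ASCII mode data connection for '.'.
20:23:08.907213 IP myserver.63205 > 192.168.10.100.60338: Flags [P.], seq 1:543, ack 1, length 542
20:23:08.907249 IP myserver.63205 > 192.168.10.100.60338: Flags [F.], seq 543, ack 1, length 0
"""

# Sample input: abridged from the Krusader capture in the thread
KRUSADER = """
20:20:58.950544 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 44:50, ack 668, length 6: FTP: PASV
20:20:58.950711 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 668:719, ack 50, length 51: FTP: 227 Entering Passive Mode (192,168,10,68,235,168)
20:20:58.951099 IP 192.168.10.100.41086 > myserver.ftp: Flags [P.], seq 50:60, ack 719, length 10: FTP: list -la
20:20:58.951853 IP myserver.ftp > 192.168.10.100.41086: Flags [P.], seq 719:771, ack 60, length 52: FTP: 150 Opening BINARY mode data connection for '-la'.
20:20:58.952419 IP myserver.60328 > 192.168.10.100.45732: Flags [P.], seq 1:38, ack 1, length 37
20:20:58.952546 IP myserver.60328 > 192.168.10.100.45732: Flags [F.], seq 38, ack 1, length 0
"""

if __name__ == "__main__":
    for name, cap in (("Total Commander", TOTAL_COMMANDER), ("Krusader", KRUSADER)):
        info = summarize(cap)
        print(name, info, "argument used as path:", arg_taken_as_path(info))
```

Run against the two samples, the summary shows the same PASV handshake in both sessions and a listing that shrinks from 542 to 37 bytes once the server's 150 reply names '-la' as the path.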

TCH, 28th July 2022 (#9)

I was afraid that something like that might be suggested... I would have liked to use OpenBSD's default FTP daemon. I also have no experience with pure-ftpd and this is not the time for experimenting, so I have to stick with vsftpd which I know...and loathe. It really may be verrrry secure, but it is a nightmare to config as it always wants to know better.

Last edited by TCH; 28th July 2022 at 02:42 PM. Reason: missing word

jggimi, 28th July 2022

Well, perhaps those clients can be provisioned so that they follow the RFC and do not add the options "-a" or "-la". Otherwise, you'll need to switch your FTP server.

Me? I haven't used the FTP protocol anywhere in many years. (My personal preference is to use OpenSSH's sftp(1)/scp(1) for file transfers, even on point-to-point networks.)

TCH, 28th July 2022

Krusader might be repaired, I know the Trinity guys, actually, I will report this to them.
But CurlFtpFS is AFAIK no longer developed.

(I don't want to waste resources unnecessarily by unneeded encryption. That is why I use RSh and FTP.)

J65nko, 28th July 2022

Why are you using ftp while you could be using rcp?

jggimi, 29th July 2022

Quote:
Originally Posted by TCH
I don't want to waste resources unnecessarily by unneeded encryption.
Have you examined this resource consumption? It may not be as harmful as you assume.

I just did two tests:
  1. I used nc(1) to transfer 100M from RAM (/dev/zero) on a local sending system to a local receiving system's /dev/null. This took 15.8% of the receiving system's CPU during the transfer.
  2. I used ssh(1)/sshd(8) to transfer the same 100 MB of RAM-based zeroes, using encryption/decryption. It consumed 1.2% of the receiving system's CPU during the transfer.
This appears counterintuitive. Why would the CPU-heavy transfer consume *less* resource?

Well, CPU utilization is a measure of resource consumed over time. The transfer with encryption was significantly slower. The receiving server is CPU constrained, as it is an Alix embedded machine with a VIA/Geode 32-bit CPU running at 500MHz.

TCH, 29th July 2022

Quote:
Originally Posted by J65nko
Why are you using ftp while you could be using rcp?
Because I need to attach it as a filesystem.
Quote:
Originally Posted by jggimi
Have you examined this resource consumption? It may not be as harmful as you assume.
Yes, I did.
Code:
# time netkit-rsh 192.168.10.100 dd if=/dev/sda1 bs=16MiB count=256 >/dev/null
 256+0 records in
 256+0 records out
 4294967296 bytes (4.3 GB, 4.0 GiB) copied, 15.7938 s, 272 MB/s
 netkit-rsh 192.168.10.100 dd if=/dev/sda1 bs=16MiB count=256 > /dev/null 0,28s user 2,81s system 19% cpu 15,889 total
Code:
# time ssh 192.168.10.100 dd if=/dev/sda1 bs=16MiB count=256 >/dev/null
 256+0 beolvasott rekord
 256+0 kiírt rekord
 4294967296 bájt (4,3 GB, 4,0 GiB) másolva, 24,3745 s, 176 MB/s
 ssh 192.168.10.100 dd if=/dev/sda1 bs=16MiB count=256 > /dev/null 6,90s user 3,57s system 42% cpu 24,561 total

TCH, 29th July 2022

Okay, I still tried pure-ftpd and I did not regret it. All I had to do was change the '-u' argument from 1000 to 0 in the 'daemon_flags' variable in /etc/rc.d/pure_ftpd and I could log in as root from all clients and everything was working all right. Well, except for one thing in one client: CurlFtpFS could not go "up" from the home directory (not a surprise). Compromise: 'usermod -d / root'. I can live with that.

Thanks for the tips.

jggimi, 29th July 2022

I'm glad you got your FTP solution working. Congratulations!

Our tests were a little different, as I was testing for CPU consumption in isolation from storage.
  • With that tiny CPU in my receiving server, SSH authentication and decryption was three times slower than plaintext. I will continue to use sftp(1)/scp(1) for file transfers because of its operational ease compared to other file transfer methods.
  • An NFS solution might be something for you to consider, depending on your specific needs for file sharing between systems. OpenBSD's implementation consists of a fully-integrated client built-in to mount(8)/mount_nfs(8)/fstab(5). For an OpenBSD-based NFS server, there is a small set of daemons, with provisioning guidance in the FAQ.

Last edited by jggimi; 29th July 2022 at 01:12 PM. Reason: clarity

TCH, 3rd August 2022

Thanks.

Encryption is not a possibility here.

With NFS I have no experience. If FTP would have failed, I would have tried it, but now it's unnecessary. (Although I may play with it, just to get some experience.)