Author Topic: Problem with GnuTLS error -110  (Read 267 times)

Offline Infi

Problem with GnuTLS error -110
« on: November 27, 2016, 05:26:46 am »
Hi,

I currently have a problem with my ProFTPD standalone server on Debian ...
First, what I am using:
Debian Jessie 8 [latest version]
ProFTPD Version 1.3.5 [TLS1.2 enabled]
GnuTLS 3.3.8-6+deb8u3 [the Debian Wiki lists it as the latest]

Home PC:
Linux version 4.4.33-1-MANJARO
FileZilla 3.22.2.2, compiled on 2016-11-02


What my problem is:
I am currently using TLS and can connect to the server without problems and download 1-2 files, no matter how large they are ...
However, as soon as I try to download several larger files via the queue, the following error message appears after the first large file has finished:
Code:
Command: PASV
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,249,246).
Command: RETR disk14.pak
Response: 150 Opening BINARY mode data connection for disk14.pak (438809808 bytes)
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 425 Unable to build data connection: Operation not permitted
Error: File transfer failed

Proftpd Settings:
Code:
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 0
TimeoutStalled 0
TimeoutIdle 0

DisplayLogin                    welcome.msg
DisplayChdir                .message true
ListOptions                "-l"

DenyFilter \*.*/

DefaultRoot ~
RequireValidShell off
Port 5666
PassivePorts                  60000 65535
MaxInstances 30
User test
Group ftpgroup
Umask 022  022
AllowOverwrite on

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

Include /etc/proftpd/conf.d/

tls.conf
Code:
<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/tls.log
        TLSProtocol TLSv1.2
        TLSRSACertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        TLSRSACertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        TLSVerifyClient off
        TLSRequired on
        TLSOptions AllowClientRenegotiations
        TLSRenegotiate required on
</IfModule>

Iptables Rules:
Code:
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 2302 -j ACCEPT
-A INPUT -p udp -m udp --dport 2303 -j ACCEPT
-A INPUT -p udp -m udp --dport 2304 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT
-A INPUT -p udp -m udp --dport 5666 -j ACCEPT
-A INPUT -p udp -m udp --dport 60000:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51412:51435 -j ACCEPT
-A INPUT -p udp -m udp --dport 51412:51435 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5940:6010 -j ACCEPT
-A INPUT -p udp -m udp --dport 5940:6010 -j ACCEPT
-A INPUT -p udp -m udp --dport 9987 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2008 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25565 -j ACCEPT
-A INPUT -p udp -m udp --dport 25565 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5665 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
Both logs contain nothing except that the session was opened and closed.
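
A first check for a failed passive data connection like the one in the log above, as an added example that is not part of the original post: decode the data port from the 227 reply and confirm it lies inside `PassivePorts` and an accepted iptables TCP range. The embedded strings are copied from the post; the function names are hypothetical, and iptables rule order is not modelled.

```python
import re

# Copied from the post above; the host octets are masked there.
PASV_REPLY = "227 Entering Passive Mode (xxx,xxx,xxx,xxx,249,246)."
PROFTPD_CONF = "Port 5666\nPassivePorts                  60000 65535\n"
IPTABLES_RULES = """\
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT
-A INPUT -p udp -m udp --dport 60000:65535 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
"""
# Matches INPUT rules that ACCEPT a single TCP port or a low:high range.
TCP_ACCEPT = re.compile(
    r"^-A INPUT\b.*-p tcp\b.*--dport (\d+)(?::(\d+))?\b.*-j ACCEPT\b")

def pasv_port(reply):
    """Return the data port from a 227 reply: p1 * 256 + p2 (RFC 959)."""
    m = re.search(r"\(([^)]*)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 PASV reply")
    fields = m.group(1).split(",")
    if len(fields) != 6:
        raise ValueError("expected h1,h2,h3,h4,p1,p2")
    # Host octets may be masked in a pasted log; the port bytes must be numeric.
    p1, p2 = (int(f) for f in fields[4:])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("port byte out of range")
    return p1 * 256 + p2

def passive_range(conf):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", conf, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def tcp_accept_ranges(rules):
    """Return (low, high) for every INPUT rule that ACCEPTs a TCP --dport."""
    out = []
    for line in rules.splitlines():
        m = TCP_ACCEPT.search(line)
        if m:
            low = int(m.group(1))
            out.append((low, int(m.group(2) or low)))
    return out

def check(reply, conf, rules):
    port, rng = pasv_port(reply), passive_range(conf)
    return {
        "port": port,
        "in_passive_ports": bool(rng) and rng[0] <= port <= rng[1],
        "accepted_by_firewall": any(lo <= port <= hi for lo, hi in tcp_accept_ranges(rules)),
    }
```

For the values in the post, the advertised port falls inside both the configured passive range and the accepted TCP range.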

Offline Flo

Re: Problem with GnuTLS error -110
« Reply #1 on: December 28, 2016, 12:20:30 pm »
Update to 1.3.6rc2, that already fixes a lot of problems

Offline Flo

Re: Problem with GnuTLS error -110
« Reply #2 on: January 16, 2017, 10:31:49 pm »
Or rather, 1.3.6rc4 by now