Author Topic: PASV - long execution time  (Read 255 times)

Offline macieii

  • New user
  • *
  • Posts: 1
    • View Profile
PASV - long execution time
« on: January 07, 2017, 09:37:45 am »
Hi All,
I have an annoying issue with uploading to an proftpd-based server. One of the tools I'm using uses the ftp to transfer files to the server. It's a kind of a custom FTP client. ftpdpro runs as a part of a Plesk installation, inetd mode.

In general it works, but at certain points the upload process stops for exactly 30 seconds. This break is repeated a number of times increasing to nearly 10 minutes otherwise short upload time. I'm struggling to find a root cause solution to this issue... It looks like it is the PASV command that is causing the issue ? (switching to acive mode didn't help, the client crashed). But is this really so ? Any ideas on what to check or change ?

Any help will be appreciated!
Thank you
Maciek

The ftp.log (ExtendedLog) shows
xxxx UNKNOWN ftp_analizy [07/Jan/2017:07:15:53 +0100] "SITE chmod 755 /abcdefghijklmnopqrstuvwxyz" 550 -
xxxx UNKNOWN ftp_analizy [07/Jan/2017:07:15:53 +0100] "PASV" 227 -
xxxx UNKNOWN ftp_analizy [07/Jan/2017:07:16:24 +0100] "LIST /Ag001_tesity" 226 340


SystemLog shows
2017-01-07 07:15:54,019 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): dispatching CMD command 'LIST /Ag001_tesity' to mod_ls
2017-01-07 07:15:54,019 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): passive data connection opened - local  : <ip>:58298
2017-01-07 07:15:54,019 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): passive data connection opened - remote : 46.169.74.125:62274
2017-01-07 07:16:24,050 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): dispatching POST_CMD command 'LIST /Ag001_tesity' to mod_ratio
2017-01-07 07:16:24,050 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): dispatching LOG_CMD command 'LIST /Ag001_tesity' to mod_log
2017-01-07 07:16:24,050 xxxx proftpd[6841] 127.0.0.1 (46.169.74.125[46.169.74.125]): dispatching LOG_CMD command 'LIST /Ag001_tesity' to mod_ls

Proftpd -vv
ProFTPD Version: 1.3.5b (maint)
  Scoreboard Version: 01040003
  Built: Wed Apr 27 2016 18:35:42 NOVT

Loaded modules:
  mod_lang/1.0
  mod_cap/1.1
  mod_tls/2.6
  mod_quotatab_file.c
  mod_quotatab/1.3.1
  mod_readme/1.0
  mod_ratio/3.3
  mod_auth_pam/1.2
  mod_ident/1.0
  mod_facts/0.4
  mod_delay/0.7
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/1.0
  mod_auth_unix.c
  mod_rlimit/1.0
  mod_xfer.c
  mod_core.c

proftpd.conf:

ServerName                      "ProFTPD"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

<Global>
DefaultRoot     ~               psacln
AllowOverwrite          on
<IfModule mod_tls.c>
        TLSEngine on
        TLSRequired off

        TLSLog /var/log/plesk/ftp_tls.log

        TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
        TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem
        TLSVerifyClient off
        TLSRenegotiate none

</IfModule>
</Global>

DefaultTransferMode     binary
UseFtpUsers                     on

TimesGMT                        off
SetEnv TZ :/etc/localtime
Port                            21
Umask                           022
MaxInstances                    30
ExtendedLog /var/log/ftp.log ALL
SystemLog /var/log/ftps.log ALL
ListOptions "" strict
UseGlobbing on

#Plesk-generated part
ScoreboardFile /var/run/proftpd.scoreboard
TransferLog /var/log/plesk/xferlog

<Directory /var/www/vhosts>
        GroupOwner      psacln
</Directory>

AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile   /etc/group

Include /etc/proftpd.d/*.conf



Any support will be greatly appreciated!
Thank you

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5373
    • View Profile
    • http://www.castaglia.org/
Re: PASV - long execution time
« Reply #1 on: January 09, 2017, 05:41:58 pm »
Is there a NAT/firewall/router between your FTP client and the FTP server?  If so, you may need to explicitly configure a range of ports, in the NAT/firewall/router, for use for passive transfers -- and a PassivePorts directive to tell ProFTPD to use that same range of ports:

   http://www.proftpd.org/docs/howto/NAT.html

Timeouts like the one you're describing often happen because the FTP client times out trying to connect to the address/port specified by the FTP server in its PASV response -- and that address/port is often unavailable because some NAT/firewall/router blocks the connection to that random/high-numbered port.

 

sighted planning