# Strange glftpd problem

## Skardal

I've been workin' on a glftpd server the last days, and it works pretty good now, but I sill have one BIG problem.

LAN computers can connect without problems. Some outside (wan) computers can connect without problems, some have to wait for several minutes before they finally connects and someone even can't log on at all. Just timeout.

This is my xinet configs:

xinet.conf

```

defaults

{

        instances      = 60

        log_type       = SYSLOG authpriv info

        log_on_success = HOST PID

        log_on_failure = HOST

        cps            = 25 30

}

```

xinet.d/glftpd

```
service glftpd

{

    disable         = no

    flags           = REUSE NAMEINARGS

    socket_type     = stream

    protocol        = tcp

    wait            = no

    user            = root

    server          = /usr/sbin/tcpd

    server_args     = /opt/glftpd/bin/glftpd -l -i -z cert=/etc/glftpd-dsa.pem -o -r /opt/glftpd/glftpd.conf -s /opt/glftpd/bin/glstrings.bin

}

```

glftpd.conf

```

# Server shutdown: 0=server open, 1=deny all but siteops, !*=deny all, etc

#shutdown 1

sitename_long   HVV[:space:]VI[:space:]SITE    

sitename_short  HVV_VI

email           mail@my.ass

rootpath /opt/glftpd/

# Path relative to the ROOTPATH.

datapath        /ftp-data 

welcome_msg     /ftp-data/misc/welcome.msg      *

goodbye_msg     /ftp-data/misc/goodbye.msg      *

newsfile        /ftp-data/misc/newsfile         *

banner          /ftp-data/misc/banner

# TLS enforcements.

userrejectsecure        !*

userrejectinsecure      !*

denydiruncrypted        !*

denydatauncrypted       !*

# we will not show the dir/file listings in color

color_mode 0

# passive ports and adresse

pasv_ports 50000-50100

pasv_addr 62.113.132.74 1

# allow fxp

allow_fxp yes yes no *

##############################################################################

# SECTION #     KEYWORD                 DIRECTORY       SEPARATE CREDITS     #

##############################################################################

stat_section    DEFAULT                 *               yes

##############################################################################

##################     THE RIGHTS SECTION BEGINS HERE     ####################

##############################################################################

# (you can use a ! in front of any group/user/flag to negate it)             #

# The default is no, you don't need to add "!*" at the end                   #

#                                                                            #

# Function       Path                   =GROUP or -username or X (flag)      #

##############################################################################

upload          *                               *

resume          *                               *

makedir         *                               *

download        *                               *

dirlog          *                               *

rename          *                               1 =STAFF

filemove        *                               1 =STAFF

renameown       *                               *

nuke            *                               *

delete          *                               1

deleteown       *                               *

##############################################################################

###################     THE RIGHTS SECTION ENDS HERE     #####################

##############################################################################

##############################################################################

# secure_pass   mask            users to whom this rule applies              #

##############################################################################

#secure_pass    a2..            *

##############################################################################

# secure_ip   min. fields   allow hostnames?   need ident?   users to whom this applies

##############################################################################

#secure_ip      1               1               1               *



##############################################################################

#path-filter    group   path/msgfile                    filters

path-filter     *       /ftp-data/misc/pathmsg          ^[-A-Za-z0-9_.()[:space:]]*$  ^\.  ^-  

use_dir_size k /site/incoming

show_totals     *               *

show_diz        .message        *

free_space 20

max_users 15 5

total_users 300

# dupecheck     how many days?  ignore file case like Windows?

dupe_check      7               no

dl_incomplete 1

noretrieve      passwd  passwd- group   group-

min_homedir     /site

#############################################################################

#        <cap 1st letter>   <lower/upper>       character conversions...

#file_names     0               lower           [:space:]_

#dir_names      1               none            [:space:]_

#############################################################################

#tagline                No[:space:]Tagline[:space:]Set

ignore_type  *.[tT][xX][tT] *.[nN][fF][oO] [rR][eE][aA][dD][mM][eE] .message

ignore_type  *.[sS][fF][vV] *.[cC][rR][cC] *.[dD][iI][zZ]

#############################################################################

#pre_dir_check  /bin/dirscript

#pre_check      /bin/dupescript

#post_check     /bin/zipscript

#############################################################################

############## Location #################### Max number of lines in Display #

requests        /ftp-data/misc/requests         10

#############################################################################

oneliners       10

lastonline      0

############################################################################

# Nukedir_Style:                                

# 1st. Option   [Format: %N = DIR]

# 2nd. Option   0 = Delete ALL, 1 = Save main dir.,  2 = Save ALL (UNNUKE) 

# 3rd. Option   [Byte Size] for nuker to discount.

############################################################################

nukedir_style   NUKED-%N        2       50000


empty_nuke      25000

multiplier_max  20

############################################################################

# Private Groups:   privgroup GROUPNAME GROUPDESC                          #

############################################################################

privgroup       STAFF            Site[:space:]Staff[:space:]Group

############################################################################

# PRIVPATHS:  Directories should be uniquely named (no wildcards)          #

############################################################################

#privpath /site/privatedir      1 =STAFF

############################################################################

# CUSTOM SITE COMMANDS                                                     #

# site_cmd [CMD NAME] [EXEC/TEXT] [PATH TO FILE]                           #

############################################################################

site_cmd RULES          TEXT    /ftp-data/misc/site.rules

site_cmd LOCATE         EXEC    /bin/locate.sh

# Some aliases for group stats commands

site_cmd GRPWKUP        IS      GPWK

site_cmd GRPWKDN        IS      GPWD

site_cmd GRPMONTHUP     IS      GPMONTHUP

site_cmd GRPMONTHDN     IS      GPMONTHDN

site_cmd GRPALUP        IS      GPAL

site_cmd GRPALDN        IS      GPAD

custom-grpwkup          !8 *

custom-grpwkdn          !8 *

custom-grpmonthup       !8 *

custom-grpmonthdn       !8 *

custom-grpalup          !8 *

custom-grpaldn          !8 *

custom-rules    !8 *

#locate allows users to search priv dirs !!!!, do not use it

custom-locate   1

-addip           1 2 7

-adduser         1 2 7

-change          1 7

-changeallot     1 2 7

-changeflags     1

-changeratio     1 2 7

-changesratio    1 7

-changehomedir   1

-chmod           1

-chgadmin        1 7

-chgrp           1 7

-chgrp-priv      1

-chpass          1

-delip           1 2 7

-delownip       !8 *

-deluser         1 2 7

-dirs           !8 *

-errlog          1

-flags          !8 *

-gadduser        1 7

-ginfo           2 H

-give            G

-group          !3 *

-groups         !8 * 

-grp            !8 *

-groupcomment    1

-grpadd          1

-grpchange       1

-grpdel          1

-grplog          1

-grpnfo          1 2

-grpren          1

-grpstats        *

-help           !8 *

-info           !8 *

-kick            D

-kill            E

-logins          1

-misc           !8 *

-msg            !8 *

-msg*            1

-msg=            1

-msg{           !8 *

-nuke            A

-onel           !8 *

-oneladd        !8 *

-passwd         !8 *

-predupe         C

-purge           1

-readd           1 2 7

-renuser         1 7

-reqlog          1 A B 7

-request        !8 *

-requestadd     !8 *

-show            1

-showhiddenusers 1

-stat           !8 *

-stats          !8 *

-swho            =STAFF 1 E

-take            F

-syslog          1 =STAFF

-undupe          C

-unnuke          B

-update          1

-user           !8 *

-users           H

-usercomment     1 7

-userextra       1 2 7

-who            !8 *

-wipe            1

-seen            1

-laston          1

-userothers      1

-traffic         1 7

```

I've forwarded port 50000-50100 in my router.

This is starting to freak me out   :Shocked: 

----------

## Skardal

I just tested with pure-ftpd. It works without problems...All users can connect.

Please!

I've noticed there's others with the same unsolved question...

----------

## statare

Hmm I had something similar, but that was on a old version. Don't use glfpd anymore. I solved it by switching client. Users with flashfxp had no problem so I told everyone to use that. I have no idea why that worked. And make sure they use passive mode if they are firewalled.

Here is a nice explanation of passive and active http://slacksite.com/other/ftp.html

----------

## elestedt

Their IP has to be allowed before the server accepts their connections!

Add their IP using

```
site users addip <user> <ipmask>
```

and it should work

----------

## Skardal

All users are added with correct ipmask.

I'll try the passive/active case  :Smile: 

Thanks, so far!

----------

## Skardal

Still not working..When users who just get timeout tries to connect I noticed this:

```

ps aux | grep ftp

root      7565  0.0  0.0   4424  1364 ?        Ss   18:32   0:00 glftpd:ns0.gene6.net: connected

```

----------

## elestedt

 *Skardal wrote:*   

> Still not working..When users who just get timeout tries to connect I noticed this:
> 
> ```
> 
> ps aux | grep ftp
> ...

 

Does either server or client run a firewall?

Otherwise I would check dmesg and glftp logs for errors.

----------

## Xake

Got a solution? It seems like I experience the same problem.

----------

## Skardal

Not really...I choosed to use a Debian box for my glftpd..That worked without any pain  :Razz: 

I do think it's the xinetd that's the problem...

----------

## Xake

I forgot about this topic, sorry.

I found a workaround that worked on this system, maybe you can try and confirm?

I had to compile xinet without the tcpd use-flag and then alter xinet.d/glftpd to not use tcpd.

After that everything started to work just as it should.

----------

## qriff

Nothing strange...

Partial "man tcpd":

"RFC 931

       When RFC 931 etc. lookups are enabled (compile-time option) tcpd will attempt

       to establish the name of the client user. This will succeed only if the client

       host runs an RFC 931-compliant daemon. Client user name lookups will not work

       for datagram-oriented connections, and may cause noticeable delays in the case

       of connections from PCs."

----------

