# pure ftp madness

## Gentree

I have just installed pure-ftp

I can start /etc/init.d/pure-ftpd fine, but I can't stop it!

```
bash-3.00#/etc/init.d/pure-ftpd stop
 * Stopping Pure-FTPd ...                                                 [ !! ]
```

I tried this straight after a clean boot, it is not in a runlevel, I did a manual start.

What's more, I can't even see a process that corresponds.

That in itself is worrying.

Anyone know what this is about?

TIA Gentree. :Cool: 

----------

## ikaro

try posting your config, I use pure-ftpd and it works fine, maybe we can find out what's wrong.

----------

## Gentree

Thanks,

seems to be a faulty "server" line in the config. I commented it out and I was able to start and stop.

I started once with something it does not like and I am back to square one. It says it starts [OK] but apparently does not.

Then I can't stop but can't restart either even without the faulty line and no process to kill.

This seems to be a known bug from the comments but what can I do to deal with this?

I need to know what is getting messed up since all I can do now is reboot each time. :Evil or Very Mad: 

----------

## ikaro

post your config.

----------

## Gentree

```
# Config file for /etc/init.d/pure-ftpd

##Comment variables out to disable its features, or change the values in it... ##

## This variable must be uncommented in order for the server to start ##
IS_CONFIGURED="yes"

## FTP Server,Port (separated by comma) ##
## If you prefer host names over IP addresses, it's your choice :
## SERVER="-S ftp.rtchat.com,21"
## IPv6 addresses are supported.
## !!! WARNING !!!
## Using an invalid IP will result in server not starting and reporting
## a good start. Work is being done to solve that in:
## http://bugs.gentoo.org/show_bug.cgi?id=75861
#SERVER="-S 192.168.0.3,21"
#SERVER="-g /var/run/pure-ftpd.pid"
#SERVER="-S ftp.localdomain,21"

## Number of simultaneous connections in total, and per ip ##
MAX_CONN="-c 5"
MAX_CONN_IP="-C 5"

## Start daemonized in background ##
DAEMON="-B"

## Don't allow uploads if the partition is more full then this var ##
DISK_FULL="-k 90%"

## If your FTP server is behind a NAT box, uncomment this ##
#USE_NAT="-N"

## Authentication (others are 'pam', ...)##
## Further infos in the README file.
AUTH="-l unix"

## Change the maximum idle time. (in minutes. default 15)
#TIMEOUT="-I <timeout>'"

## Use that facility for syslog logging. It defaults to 'ftp'
## Logging can be disabled with '-f none' .
#LOG="-f facility"

## Misc. Others ##
MISC_OTHER="-A -E -x -j -H -B"
```

I have found that the error lies in the server line. This seems to be a sticky area.

I have two issues to solve.

1/ I wish to name the server

2/ If this fails due to a config error how can I clear the problem without rebooting!

Thanks for your help.  :Cool: 

----------

## ikaro

tried with this?

```
SERVER="-S 21"
```

----------

## Gentree

Yes! That fixed it, thx.

```
bash-3.00#lftp
lftp :~> connect newsys
lftp newsys:~> pwd
ftp://newsys
lftp newsys:~> list
Unknown command `list'.
lftp newsys:~> cd distfiles
```

but any attempt to do anything like the cd above gets: "Delaying before reconnect: ..."

What I am ultimately trying to do is set up a local portage mirror. I have rsyncd working a treat.

I know there are some guides but it seems I will have to resolve my ftp issues before I worry about that. For the mo' if I try emerge off the local server I get ftp timeouts.

In any case I want to set up a small anon ftp on a dyndns.org name.

Thanks for your help. 8)

----------

## ikaro

you need to open port 20, and possibly a port range like 1400:1500

the delay is caused because dir listing isn't happening, so it times out.

in the config, add: "-p 1400:1500" and open those too in the $FW (if any)

What does your network look like? How many machines, ip addresses and OS.

connectivity status as well.

----------

## Gentree

for the moment it's a one PC network! (well there are other machines but they're not connected for this exercise.)

I just want to get the ftpd to let me emerge off another partition. 

I have enough network to use rsync and have already managed to sync the new portagedir to the dupe I am now using as the source for rsyncing.

It must be the ports.

I used rp-pppoe to set up masquerading so I'll have to dig into that and see how to open a few ports.

Thx.  :Cool: 

strange I can do pwd but not ls  :Confused: 

----------

## Gentree

jeeeez this is going to take me hours to figure out just to add one damn line to a file somewhere,

If you can point me at it, it would be a great help.

TIA  :Cool: 

----------

## ikaro

```
MISC_OTHER="-A -E -x -j -H -B -p 1400:1500"
```
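
The port range advice above, as an added example that is not part of the original posts: in passive mode the server announces the data port in its 227 reply, and that port has to fall inside the range passed to `-p` and opened in the firewall. The function names and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the data port from an FTP 227 (PASV) reply and check
# it against the passive range configured with pure-ftpd's -p option.

# pasv_port REPLY -> prints p1*256+p2 from "(h1,h2,h3,h4,p1,p2)"
pasv_port() {
    fields=$(printf '%s\n' "$1" | sed -n 's/^227[^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$fields" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ -n "$n" ] && [ "$n" -le 255 ] || return 1
    done
    echo $(( $5 * 256 + $6 ))
}

# in_passive_range PORT FIRST:LAST -> exit 0 when PORT lies inside the range
in_passive_range() {
    first=${2%%:*}; last=${2##*:}
    [ "$1" -ge "$first" ] && [ "$1" -le "$last" ]
}

# check_pasv REPLY RANGE -> prints a verdict; exit 0 inside, 1 outside,
# 2 when the reply cannot be parsed
check_pasv() {
    port=$(pasv_port "$1") || { echo "unparseable reply"; return 2; }
    if in_passive_range "$port" "$2"; then
        echo "data port $port is inside $2"
    else
        echo "data port $port is outside $2 (the opened range will not cover it)"
        return 1
    fi
}

# Constructed sample replies, not captured from the server in this thread.
for reply in \
    "227 Entering Passive Mode (192,168,0,3,5,130)" \
    "227 Entering Passive Mode (192,168,0,3,195,80)"
do
    check_pasv "$reply" "1400:1500" || true
done
```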

----------

## Gentree

OK, thanks, it was port 20 and the firewall that I think is blocking me. I use rp-pppoe configured masquerading:

```
#!/bin/sh
#
# firewall-masq   This script sets up firewall rules for a machine
#                       acting as a masquerading gateway
#
# Copyright (C) 2000 Roaring Penguin Software Inc.  This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL

# Interface to Internet
EXTIF=ppp+

ANY=0.0.0.0/0

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY

ipchains -F forward
ipchains -F input
ipchains -F output

# Deny TCP and UDP packets to privileged ports
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY

# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -p tcp -y -j DENY

# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY

# Do masquerading
ipchains -A forward -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
```

thanks again for your help.  :Cool: 

----------

## ikaro

ipchains?! isn't that 'a little too old'?  :Smile: 

check this out:

http://qtables.radom.org/

iptables generator script.

PS: when in doubt if you should open tcp or udp or both, check /etc/services

for example:

```
~ grep pop3 /etc/services 
pop3      110/tcp      pop-3      # Post Office Protocol - Version 3
pop3      110/udp      pop-3
pop3s      995/tcp            # pop3 protocol over TLS/SSL
pop3s      995/udp
```

 :Smile: 

----------

## tutaepaki

As to your other Q about having to reboot, for your future reference...

/etc/init.d/pure-ftpd zap will reset the flag which is telling the init.d script that it's already running.

What's happening is that the server starts as far as the init script is concerned, and so the PID is saved. Then the server is stopping because of the config error. Unfortunately, the init script doesn't know that coz it's already finished. When you issue your stop, the init script looks for a process of the PID it found, and of course it's not running, so the stop fails. The zap fixes this.

----------

## Gentree

Ahh, many thanks. I'd realised in principle that it would be a flag getting set somewhere but did not know where to look or what to do about it.

Surely something a bit more together than that can be done? That's OK as a lash up to test a bit of code, but I am shocked all my runlevels are based on such an elementary and flaky method.  :Shocked: 

If the process fails, presumably it must exit with an error code. The presence or not of the pid should be based on a result of starting the daemon, not on the intention to do it some time soon and hope it works.

This is sad! :Mad: 

----------

## tutaepaki

It seems to work better for some daemons than others. It looks to me like some daemons pass a successful start back to exec, (or however the init scripts start the new process) before they've checked their config file. Others check their config 1st and so the init script knows it's failed to start.
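
The two situations described in the posts above (a saved PID whose process is already gone, and a daemon that reports a good start before it has read its config), as an added example that is not part of the original posts and is not Gentoo's baselayout code. The function names `pid_state` and `verify_start` are hypothetical; the pidfile path in the comment is the one from the config posted earlier.

```shell
#!/bin/sh
# Added example: tell a live daemon from a stale pidfile, and only treat a
# start as successful if the process survives a short grace period.
# Assumes the daemon writes a pidfile (e.g. pure-ftpd -g /var/run/pure-ftpd.pid)
# and that the check runs as root, so kill -0 is not refused for other users.

# pid_state PIDFILE -> prints running | stale | absent
pid_state() {
    [ -f "$1" ] || { echo absent; return 0; }
    pid=$(cat "$1" 2>/dev/null)
    case $pid in
        ''|0|*[!0-9]*) echo stale; return 0 ;;   # empty, zero or not a number
    esac
    if kill -0 "$pid" 2>/dev/null; then echo running; else echo stale; fi
}

# verify_start PIDFILE [SECONDS] -> exit 0 only if the PID is still alive
# after SECONDS (default 2). This catches a daemon that forks, lets the init
# script record success, and then exits on a config error.
verify_start() {
    pidfile=$1; grace=${2:-2}; i=0
    while [ "$i" -lt "$grace" ]; do
        [ "$(pid_state "$pidfile")" = running ] || break
        sleep 1; i=$((i + 1))
    done
    state=$(pid_state "$pidfile")
    [ "$state" = running ] && return 0
    # Remove the stale marker so the next start or stop is not blocked by it.
    [ "$state" = stale ] && rm -f "$pidfile"
    return 1
}

# Demo on a constructed pidfile holding the PID of a shell that already exited.
demo=$(mktemp)
sh -c 'echo $$' > "$demo"
verify_start "$demo" 1 || echo "start failed: stale pidfile removed"
rm -f "$demo"
```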

----------

## UberLord

 *tutaepaki wrote:*   

> It seems to work better for some daemons than others. It looks to me like some daemons pass a successful start back to exec, (or however the init scripts start the new process) before they've checked their config file. Others check their config 1st and so the init script knows it's failed to start.

 

We've already taken that into account and you can see that working code in baselayout-1.12.0-alpha2.

However, there are a few parts of that release that are very very buggy (but not the start-stop-daemon wrapper which hasn't been changed since then and works like a charm on all my boxes with a few deliberately b0rked configs)  :Smile: 

----------

