RAC_1
Honored Contributor

ftpd -m OPTION!!!!

We are having problems with ftpd errors. Errors report code 425. User is doing ftp from windows XP machine and once in a while he gets this error. (once in a while) When he gets that error I can see in syslog that the ftpd logged error is "refused PORT 0,0"

Now passive ftp is an option here. Can't go that way yet. User is using plain ftp executable from window$$

I read man page carefully and thought of putting -m option (I used -m 9) and error seems to go away for a while. I take -m option out and it returns. Not every time, but once in a while it does give "refused PORT 0,0" thing.

Another sysadmin contesting that it has no effect on this error whatsoever. And the default is 10. Where the hell default is 10 mentioned??

Will somebody shed some light on this?? Whether to use this or not??

OS - 11.11, latest patches.

Anil
There is no substitute to HARDWORK
8 REPLIES 8
Robert-Jan Goossens_1
Honored Contributor
Solution

Re: ftpd -m OPTION!!!!

Hi Anil,

http://www2.itrc.hp.com/service/cki/search.do?category=c0&mode=text&searchString=%22ftpd+-m%22&search.x=0&search.y=0&searchCrit=allwords&docType=Security&docType=Patch&docType=EngineerNotes&docType=BugReports&docType=Hardware&docType=ReferenceMaterials&docType=ThirdParty

----
On ftp servers that are heavily loaded, there are situations
where the ftpd daemon fails to create the data socket as it
exceeds the retry count (default retries = 10).

To resolve this, use an undocumented "-m xxx" option where
xxx represents the number of retries up to a maximum of 999.
For example, /etc/inetd.conf entry becomes:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -m 999
----

HTH,
Robert-Jan
A. Clay Stephenson
Acclaimed Contributor

Re: ftpd -m OPTION!!!!

You could bump the -m option up higher but in looking at the ftpd source code, 425 results when an accept() fails probably because the server is very busy. I would put the onus of retries back on the client.

If you can talk your Windows guys into installing ActivePerl (free) then Perl's Net::FTP module makes this very easy. Basically the client can look at the status and if it's not '2' (FTP speak for good) then retry up to n times after delaying a bit.

Invoke the attached Perl script as ftpget.pl -u for full usage. It will run equally well on UNIX and Windows.
If it ain't broke, I can fix that.
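
The client-side retry described in the reply above, sketched in Python with the standard `ftplib` module. This is an added example, not part of the original post and not the attached Perl script (which is not reproduced on this page); the function names, back-off values and the choice to retry only 4xx replies are assumptions.

```python
import ftplib
import time


def retry_transient(operation, attempts=5, delay=2.0, sleep=time.sleep):
    """Call operation(); retry only on a transient (4xx) FTP reply.

    ftplib raises error_temp for 4xx replies such as 425 and error_perm
    for 5xx replies. A 5xx (bad login, missing file) is not retried.
    """
    last = None
    for attempt in range(1, attempts + 1):
        try:
            return operation()
        except ftplib.error_temp as exc:
            last = exc
            if attempt < attempts:
                sleep(delay * attempt)  # linear back-off between tries
    raise last


def fetch(host, user, password, remote, local, **retry_opts):
    """Download one file in active (PORT) mode, retrying transient errors."""
    def once():
        # A fresh control connection per try, so a failed data
        # connection does not leave the session in an odd state.
        with ftplib.FTP(host, timeout=30) as ftp:
            ftp.login(user, password)
            ftp.set_pasv(False)  # active mode, as used in this thread
            with open(local, "wb") as out:
                ftp.retrbinary("RETR " + remote, out.write)
        return local
    return retry_transient(once, **retry_opts)
```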
RAC_1
Honored Contributor

Re: ftpd -m OPTION!!!!

Robert,

The man does say there is -m option. But nothing more than that. Where is this "default 10" Thing is mentioned??

Also can not open the link that you gave.

Anil
There is no substitute to HARDWORK
RAC_1
Honored Contributor

Re: ftpd -m OPTION!!!!

Clay,

Where is this source code?? (and where is default 10 thing mentioned??)

The user is adamant, and no matter how and what I tried, his only reasoning is "it was working before and why not now" As I said, the client is windows$ ftp executable. Does seem to have a feature as retry bind() thing, if it fails.

Anil
There is no substitute to HARDWORK
A. Clay Stephenson
Acclaimed Contributor

Re: ftpd -m OPTION!!!!

There are a number of ftpd sources available from the HP-UX Porting Centre, including wu_ftpd. FTP is expected to fail periodically; those who don't check error codes deserve what they get. This could even be a duplex mismatch. Surprisingly, FTP almost works well with duplex mismatches although transmission speeds will be greatly reduced. I would have this user do some puts and gets of a 1MB or so file. Do the transfer rates seem reasonable?
If it ain't broke, I can fix that.
vinod_25
Valued Contributor

Re: ftpd -m OPTION!!!!

hi RAC,

This problem was resolved by enabling privileged mode for ftpd(1M),
however, this raises a security issue.

The default action of ftpd(1M) does not allow usage of reserved ports
as the originating port on the client's system. The PORT command
cannot specify a reserved port. The "-p" option allows the client
to specify a reserved port.

Note that allowing the use of reserved ports can result in the misuse
of ftpd. The security ramifications should be understood before the
option is turned on. Since the client is opening ftp through a
particular port in this application, any person who knows the
privileged port can have access to the system details.

A safer course would be to modify the port number through which
this particular client is calling the host. The application vendor
may be able to help in this.

To enable privileged mode for ftpd(1M), edit the /etc/inetd.conf file
and add the "-p" option to the ftpd entry. It is necessary to
restart the inetd daemon after editing this file. Example syslog
entries below indicate a successful connection:

Jun 29 15:54:32 hostname ftpd[25474]: FTP LOGIN FROM 123.4.567.890,
Jun 29 15:54:32 hostname ftpd[25474]: PORT
Jun 29 15:54:32 hostname ftpd[25474]: Client port is a privileged port. ftpd option 'p' overrides default.
Jun 29 15:54:32 hostname ftpd[25474]: User logged out


regards

Vinod K
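
A sketch of the server-side check the reply above describes: parse the argument of a PORT command and refuse a reserved port unless privileged mode is on. This is an added example, not part of the original post and not HP-UX ftpd source; `check_port`, the `allow_reserved` flag (standing in for "-p") and the peer-address comparison are assumptions, the last being a common hardening the post does not mention.

```python
import ipaddress

RESERVED_LIMIT = 1024  # ports below this are reserved (privileged) on UNIX


def parse_port_arg(arg):
    """Parse the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    try:
        nums = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be 0..255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_port(arg, control_peer, allow_reserved=False):
    """Return (accepted, reason) for one PORT command.

    control_peer is the address the control connection came from.
    allow_reserved models the effect the post attributes to "-p".
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    # Assumed extra check: only connect back to the host that asked.
    if ip != ipaddress.IPv4Address(control_peer):
        return False, "address differs from control connection peer"
    # Port 0 also falls below the limit and is refused here.
    if port < RESERVED_LIMIT and not allow_reserved:
        return False, f"reserved port {port}"
    return True, f"data connection to {ip}:{port}"
```

With `allow_reserved=True` a client can point the server's data connection at a service port such as 21 or 25 on its own address, which is the misuse the post warns about.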
Robert-Jan Goossens_1
Honored Contributor

Re: ftpd -m OPTION!!!!

Anil,

Europe
http://www4.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000067909242

US
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000067909242

Document description: ftp error: "425 Can't create data socket... address already in use"
Document id: 4000055594
RAC_1
Honored Contributor

Re: ftpd -m OPTION!!!!

Clay and Robert helped me understand default 10 thing.

Vinod,

At the moment, we can not do ftpd -p

Thank you ALL.

Anil
There is no substitute to HARDWORK