Forum Debian Users Gang

masonix · 2006-04-13 00:05:58

Witam postawiłem dzisiaj serwer FTP przez proftpd i mam następujący problem, otóż łącząc się poprzez windowsowego Total Commandera trwa bardzo długo "pobieranie danych katalogu" trwa to ok 20 sekund!.
Gdy już dojdzie do zalogowania wszystko działa bez zastrzeżeń.

Łącze sie przez lan, serwer to celeron 500 z 256 mb ramu, system Debian Sarge

Dodanie tych regułek do konfigu nic nie pomogło
UseReverseDNS off
IdentLookups off

Konfig proftpd.conf:

#
# /etc/proftpd.conf — This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "Mason's Private FTP Server"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin .welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter *.*/

UseReverseDNS off
IdentLookups off

# zapis logow
ExtendedLog /var/log/proftp.log

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

<Anonymous /home/pub>
User ftp
Group nogroup
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
AnonRequirePassword off
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp

RequireValidShell off

# Limit the maximum number of anonymous logins
MaxClients 2 "za duzo chetnych naraz"
MaxClientsPerHost 2 "za duzo polaczen na jednym IP"
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin .welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Directory /home/pub>
<Limit WRITE>
AllowAll
</Limit>
</Directory>

# Uncomment this if you're brave.
# <Directory incoming>
# # Umask 022 is a good standard umask to prevent new files and dirs
# # (second parm) from being group and world writable.
# Umask 022 022
# <Limit READ WRITE>
# DenyAll
# </Limit>
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>

</Anonymous>
[/quote]

Ustawienia firewalla:

#
#wlaczenie w kernel'u forwardowania
#
echo 1 > /proc/sys/net/ipv4/ip_forward
#
# czyszczenie starych regul
#
iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
#
# ustawienie polityki dzialania
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# zabezpieczenia przed atakami
#
#blokada ipspoofing
echo "1" >/proc/sys/net/ipv4//conf/all/rp_filter
#ochrona przed atakami syn cokkies
echo "1" >/proc/sys/net/ipv4/tcp_syncookies
#brak reakcji na fałszywe komunikaty o błedach
echo "1" >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#ochrona przed atakami smurf
echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#
# zezwolenie na ruch po loopback
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -o lo -j ACCEPT
#
# zezwalamy na PING
#
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#
# zezwolenie na laczenie sie z naszym zewnetrznym ip po ssh
#
iptables -A INPUT -s 0/0 -d 192.168.0.5 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 192.168.0.5 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.0.5 -p udp --dport 22 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 192.168.0.5 -p udp --dport 22 -j ACCEPT
#
# zezwolenie na laczenie sie z naszym wewnetrznym ip po ssh
#
iptables -A INPUT -s 0/0 -d 192.168.1.1 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 192.168.1.1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 0/0 -d 192.168.1.1 -p udp --dport 22 -j ACCEPT
iptables -A OUTPUT -s 0/0 -d 192.168.1.1 -p udp --dport 22 -j ACCEPT
#
# polacznie nawiazane
#
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
#
# udostepnianie internetu w sieci lokalnej
#
iptables -t nat -A POSTROUTING -s 192.168.1.0/10 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/10 -j ACCEPT
#
# udostepnianie portow dla SAMBY
#
#akceptowanie polaczen na port tcp 139 z sieci lokalnej
#
iptables -A INPUT -p TCP -s 192.168.1.0/10 --destination-port 139 -j ACCEPT
#
# akceptowanie polaczen na port udp 137 z seci lokalnej
#
iptables -A INPUT -p UDP -s 192.168.1.0/10 --destination-port 137 -j ACCEPT
#
# akceptowanie polaczen na port udp 138 z sieci lokalnej
#
iptables -A INPUT -p UDP -s 192.168.1.0/10 --destination-port 138 -j ACCEPT
#
# FTP
#
iptables -A INPUT -i eth1 -p tcp -j ACCEPT -m state --state NEW -d 192.168.1.1 --destination-port 21
[/quote]

Jak wygląda to u Was ?

[url=http://userbars.org][img]http://img209.imageshack.us/img209/3974/debiancu6.png[/img][/url]
[url=http://userbars.org][img]http://img89.imageshack.us/img89/6861/bashqm1.png[/img][/url]

Offline

Time (s)	Query
0.00016	SET CHARSET latin2
0.00008	SET NAMES latin2
0.00143	SELECT u., g., o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='18.118.33.255' WHERE u.id=1
0.00108	REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '18.118.33.255', 1738354079)
0.00094	SELECT * FROM punbb_online WHERE logged<1738353779
0.00120	DELETE FROM punbb_online WHERE ident='85.208.96.201'
0.00096	SELECT topic_id FROM punbb_posts WHERE id=25526
0.00079	SELECT id FROM punbb_posts WHERE topic_id=3235 ORDER BY posted
0.00162	SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=3235 AND t.moved_to IS NULL
0.00009	SELECT search_for, replace_with FROM punbb_censoring
0.00123	SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=3235 ORDER BY p.id LIMIT 0,25
0.00126	UPDATE punbb_topics SET num_views=num_views+1 WHERE id=3235
Total query time: 0.01084 s

Forum Debian Users Gang

Ogłoszenie

#1 2006-04-13 00:05:58

masonix - Użytkownik

Proftpd długie logowanie

#2 2006-04-13 07:55:52

masonix - Użytkownik

Re: Proftpd długie logowanie

Stopka forum

Informacje debugowania