Hi everyone, I sometimes have this problem with pure-ftpd that doesn't let me connect because of too many connections. I tried to manually replicate the problem but I can't. I think the error code was 421, but I can't find it in the log files. I'll continue to do some tests to see if I can replicate the problem. This is what I have installed:
Code:
pure-ftpd-common/stable,now 1.0.49-4.1 all [installed]
pure-ftpd-mysql/stable,now 1.0.49-4.1 amd64 [installed]

My main configuration file:
Code:
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 100
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
MaxDiskUsage 99
CustomerProof yes

I modified it with files inside the /conf/ folder:
Code:
LimitRecursion 150000 15
MinUID 1000
NoTruncate yes
DisplayDotFiles yes
UnixAuthentication no
BrokenClientsCompatibility yes
DontResolve yes
MaxClientsNumber 50
PAMAuthentication yes
TLS 1
ChrootEveryone yes
FSCharset UTF-8
MaxIdleTime 30
NoAnonymous yes
PassivePortRange 30000 50000
TLSCipherSuite HIGH

When the problem occurs, with
Code:
netstat -an | grep :21

I see a lot of CLOSE_WAIT and TIME_WAIT connections. I saw that the problem may be an old version of FileZilla but I need a server solution (not confirmed, have to test). I thought to limit the connections with this:
Code:
MaxClientsPerIP 8

But I saw that only one client was saturating all 50 connections. Is it possible? I don't want to raise this parameter:
Code:
MaxClientsNumber 50

Because I don't consider this a solution. Thanks if anyone can help.
The error code "421 Too many connections" is an error you'll see on the client side when your MaxClientsPerIP limit is hit. It usually specifies the limit like this message: Is it possible that multiple connections are happening from your/the same IP? This could happen if NAT is in play, so that for incoming connections on port 21 your server always sees the IP of the firewall.
Thank you for your reply. The problem isn't about the 8 connections per IP. It's only one IP that uses all 50 available connections, and other clients with different IPs can't connect because the limit is 50. It seems that the variable MaxClientsPerIP is not working.
The question is why there are so many connections in the first place. You may want to check the logs and see which user it is. You may raise the Max Connections as a workaround. CLOSE_WAIT indicates that the remote endpoint (other side of the connection) has closed the connection. TIME_WAIT indicates that the local endpoint (this side) has closed the connection. The connection is being kept around so that any delayed packets can be matched to the connection and handled appropriately. The connections will be removed when they time out within four minutes.
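Added example, not part of any post in this thread: a per-IP tally of port 21 sockets from `netstat -ant` output, separating ESTABLISHED and CLOSE_WAIT sockets (still open in a local process) from TIME_WAIT sockets (kept by the kernel only). The function names `tally_ftp_peers` and `over_limit` are hypothetical and the sample input is constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example (not from the thread): count FTP control-channel sockets per
# remote IP from `netstat -ant` output, split by whether a process still owns them.

# Constructed sample input; all addresses are documentation-range placeholders.
sample_netstat() {
  echo 'tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN'
  i=0
  while [ "$i" -lt 9 ]; do   # 9 half-closed sessions from one peer
    echo "tcp 1 0 192.0.2.10:21 198.51.100.7:$((50100 + i)) CLOSE_WAIT"
    i=$((i + 1))
  done
  echo 'tcp 0 0 192.0.2.10:21 198.51.100.7:50200 TIME_WAIT'
  echo 'tcp 0 0 192.0.2.10:21 198.51.100.7:50201 TIME_WAIT'
  echo 'tcp 0 0 192.0.2.10:21 203.0.113.5:41000 ESTABLISHED'
  echo 'tcp 0 0 192.0.2.10:21 203.0.113.5:41001 ESTABLISHED'
  echo 'tcp 0 0 192.0.2.10:21 203.0.113.9:42000 TIME_WAIT'
  echo 'tcp 0 0 192.0.2.10:30021 203.0.113.5:41002 ESTABLISHED'  # passive data port
}

# stdin: netstat -ant lines. stdout: "<remote-ip> <held> <time_wait>", busiest first.
# held = ESTABLISHED + CLOSE_WAIT (socket still open in a server process);
# TIME_WAIT sockets belong to the kernel only and are reported separately.
tally_ftp_peers() {
  awk -v port="${1:-21}" '
    $1 ~ /^tcp/ && $4 ~ (":" port "$") {      # exact local port, unlike grep :21
      ip = $5; sub(/:[0-9]+$/, "", ip)         # strip the remote port
      if ($6 == "ESTABLISHED" || $6 == "CLOSE_WAIT") { held[ip]++; seen[ip] = 1 }
      else if ($6 == "TIME_WAIT")                    { tw[ip]++;   seen[ip] = 1 }
    }
    END { for (ip in seen) printf "%s %d %d\n", ip, held[ip], tw[ip] }
  ' | LC_ALL=C sort -k2,2nr -k1,1
}

# stdin: netstat -ant lines. stdout: remote IPs holding more than $1 sockets.
over_limit() {
  tally_ftp_peers 21 | awk -v max="$1" '$2 > max { print $1 }'
}

# Demo on the sample; on a live server use: netstat -ant | over_limit 8
sample_netstat | tally_ftp_peers
```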
Maybe you use an FTP client which contains a download accelerator feature? There is some software out there that opens a bunch of simultaneous connections to speed up transfers. And keep in mind that many settings for pure-ftpd on Debian and Ubuntu are not done via the central config file; settings in /etc/pure-ftpd/conf/ files override them.
Thanks for your time. I just want to know if there is something I can do server side to limit the connections to 8 per IP, because I don't want one IP to use all the 50 allowed connections. If this is not possible, is there a way to change the time of CLOSE_WAIT and/or TIME_WAIT to free some connections? Is it safe to do? I don't know which client is used, this is why I need to do something server side. Regarding the configuration I was not sure, that's why I posted both. I supposed that MaxClientsPerIP set to 8 would block more than 8 simultaneous connection attempts per IP.
Like till already mentioned, this could be a client with a download accelerator feature too. However, make sure your configuration is correct. In the path /etc/pure-ftpd/conf/ there should be 2 files:
- MaxClientsNumber
- MaxClientsPerIP
These files have no file extension and just contain the value like "50". After changing/creating these files make sure to run
systemctl restart pure-ftpd-mysql
Sure, but what we want to know is whether there is a way to stop a download manager from the server side. Actually we have:
MaxClientsNumber 50
MaxClientsPerIP 8
but what we got is that some IPs grab all the 50 slots with CLOSE_WAIT even if the limit per IP is 8. In that way, even if the connections are in CLOSE_WAIT status, no new connections are allowed, so other customers can't access via FTP either.