Mailing List Archive

Re: Wackamole and ProFTPd on FreeBSD
Never saw any response to this so I thought I might try again...

Anyone have any insight into this issue?

On Fri, May 06, 2005 at 02:09:27PM -0500, Eric L. Anderson wrote:
> Our organization is using wackamole to provide high-availability ISP
> services like SMTP, POP, IMAP and FTP all hosted on FreeBSD 5.3. All
> of the mail services work great in a wackamoled environment using
> Postfix and Courier-Imap and Pop. We then started work on FTP using
> ProFTPD. Unfortunately, ProFTPD is not working in the wackamoled
> environment.
>
> Here is what happens. If I connect to an IP being managed by
> Wackamole, I can get logged in but passive mode fails and ProFTPD
> drops the connection. ProFTPD works just fine if I connect to the
> host's IP. Here are the log snippets from ProFTPD for this failure:
>
> proftpd: Failed binding to 192.168.0.20, port 0: Can't assign requested address
> proftpd: Check the ServerType directive to ensure you are configured correctly.
>
> The odd thing is ProFTPD works just fine if the IP is manually enabled
> on the system as follows:
>
> ifconfig bge0 alias 192.168.0.20 netmask 255.255.255.255
>
> Then ProFTPD works just fine.
>
> What is the difference in how wackamole is enabling the IP versus how
> ifconfig is doing it?
>
> --
> Eric L. Anderson
> anderson@more.net

--
Eric L. Anderson
anderson@more.net

_______________________________________________
wackamole-users mailing list
wackamole-users@lists.backhand.org
http://lists.backhand.org/mailman/listinfo/wackamole-users
Re: Re: Wackamole and ProFTPd on FreeBSD
Eric L. Anderson wrote:

>Never saw any response to this so I thought I might try again...
>
>Anyone have any insight into this issue?
>
>On Fri, May 06, 2005 at 02:09:27PM -0500, Eric L. Anderson wrote:
>
>
>>Our organization is using wackamole to provide high-availability ISP
>>services like SMTP, POP, IMAP and FTP all hosted on FreeBSD 5.3. All
>>of the mail services work great in a wackamoled environment using
>>Postfix and Courier-Imap and Pop. We then started work on FTP using
>>ProFTPD. Unfortunately, ProFTPD is not working in the wackamoled
>>environment.
>>
>>Here is what happens. If I connect to an IP being managed by
>>Wackamole, I can get logged in but passive mode fails and ProFTPD
>>drops the connection. ProFTPD works just fine if I connect to the
>>host's IP. Here are the log snippets from ProFTPD for this failure:
>>
>>proftpd: Failed binding to 192.168.0.20, port 0: Can't assign requested address
>>proftpd: Check the ServerType directive to ensure you are configured correctly.
>>
>>The odd thing is ProFTPD works just fine if the IP is manually enabled
>>on the system as follows:
>>
>> ifconfig bge0 alias 192.168.0.20 netmask 255.255.255.255
>>
>>Then ProFTPD works just fine.
>>
>>What is the difference in how wackamole is enabling the IP versus how
>>ifconfig is doing it?
>>
>>
Are you running proftpd stand alone or from inetd? If you are running
it standalone, start it, add 192.168.0.20, then try passive FTP. It
may be that proftpd notes the lack of IP at startup and then refuses to
"relearn" that the IP address is now available locally on the box.

--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Ecelerity: Run with it. -- http://www.omniti.com/


Re: Re: Wackamole and ProFTPd on FreeBSD
On Wed, Sep 07, 2005 at 02:48:54PM -0400, Theo Schlossnagle wrote:
>
> Are you running proftpd stand alone or from inetd? If you are running
> it standalone, start it, add 192.168.0.20, then try passive FTP. It
> may be that proftpd notes the lack of IP at startup and then refuses to
> "relearn" that the IP address is now available locally on the box.

We are running it in inetd mode from xinetd.

--
Eric L. Anderson
anderson@more.net

Re: Re: Wackamole and ProFTPd on FreeBSD
Eric L. Anderson wrote:

>On Wed, Sep 07, 2005 at 02:48:54PM -0400, Theo Schlossnagle wrote:
>
>
>>Are you running proftpd stand alone or from inetd? If you are running
>>it standalone, start it, add 192.168.0.20, then try passive FTP. It
>>may be that proftpd notes the lack of IP at startup and then refuses to
>>"relearn" that the IP address is now available locally on the box.
>>
>>
>
>We are running it in inetd mode from xinetd.
>
>
If you assign multiple IP addresses manually can you make passive FTP
connections via each of the IPs or only to one?

--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Ecelerity: Run with it. -- http://www.omniti.com/


Re: Re: Wackamole and ProFTPd on FreeBSD
On Wed, Sep 07, 2005 at 04:56:30PM -0400, Theo Schlossnagle wrote:
> Eric L. Anderson wrote:
>
> >On Wed, Sep 07, 2005 at 02:48:54PM -0400, Theo Schlossnagle wrote:
> >
> >
> >>Are you running proftpd stand alone or from inetd? If you are running
> >>it standalone, start it, add 192.168.0.20, then try passive FTP. It
> >>may be that proftpd notes the lack of IP at startup and then refuses to
> >>"relearn" that the IP address is now available locally on the box.
> >>
> >>
> >
> >We are running it in inetd mode from xinetd.
> >
> >
> If you assign multiple IP addresses manually can you make passive FTP
> connections via each of the IPs or only to one?

I configured two additional aliases manually via ifconfig and passive
FTP works fine to both of them.

--
Eric L. Anderson
anderson@more.net

Re: Re: Wackamole and ProFTPd on FreeBSD
I did some further investigation of this by looking at the ProFTPd
source and I noticed the following comment in inet.c:

* FreeBSD 2.2.6 (possibly other versions as well), has a security
* "feature" which disallows SO_REUSEADDR from working if the socket
* owners don't match. The easiest thing to do is simply make
* sure the socket is created as root. (Note: this "feature" seems to
* apply to _all_ BSDs.)

I then decided to see if I could reproduce this same behavior in a
program other than ProFTPd and outside of xinetd. I then installed
tcpserver which is from /usr/ports/sysutils/ucspi-tcp. This program
fails the same way that ProFTPd does. I first ran tcpserver against a
non-wackamole managed alias and it works fine:

# tcpserver -v -1 192.168.0.19 0 sh
51625
tcpserver: status: 0/40

I then ran tcpserver against a wackamole managed alias:

# tcpserver -v -1 192.168.0.20 0 sh
tcpserver: fatal: unable to bind: address not available

Looking at the source for ucspi-tcp, socket_bind.c sets the
SO_REUSEADDR option. I am running tcpserver as user root and wackamole
is also running as user root.

So, how do you find out the socket owners?

On Thu, Sep 08, 2005 at 09:12:10AM -0500, Eric L. Anderson wrote:
> On Wed, Sep 07, 2005 at 04:56:30PM -0400, Theo Schlossnagle wrote:
> > Eric L. Anderson wrote:
> >
> > >On Wed, Sep 07, 2005 at 02:48:54PM -0400, Theo Schlossnagle wrote:
> > >
> > >
> > >>Are you running proftpd stand alone or from inetd? If you are running
> > >>it standalone, start it, add 192.168.0.20, then try passive FTP. It
> > >>may be that proftpd notes the lack of IP at startup and then refuses to
> > >>"relearn" that the IP address is now available locally on the box.
> > >>
> > >>
> > >
> > >We are running it in inetd mode from xinetd.
> > >
> > >
> > If you assign multiple IP addresses manually can you make passive FTP
> > connections via each of the IPs or only to one?
>
> I configured two additional aliases manually via ifconfig and passive
> FTP works fine to both of them.
>
> --
> Eric L. Anderson
> anderson@more.net
>
>

--
Eric L. Anderson
anderson@more.net
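
The bind that both ProFTPD's passive mode and the tcpserver test above make (a TCP socket on a specific address, port 0), as an added diagnostic that is not part of the thread or of either project's source: it reports whether the address appears in the interface list and which errno bind() returns, with or without SO_REUSEADDR. The function names and the 0.0.0.0 default are assumptions of this example.

```c
/* Added diagnostic (not from the thread): does the interface list agree with bind()? */
#include <arpa/inet.h>
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if an interface carries this IPv4 address, 0 if none does, -1 on error. */
int addr_on_interface(const char *ip)
{
    struct in_addr want;
    struct ifaddrs *list, *p;
    int found = 0;
    if (inet_pton(AF_INET, ip, &want) != 1 || getifaddrs(&list) != 0)
        return -1;
    for (p = list; p != NULL; p = p->ifa_next)
        if (p->ifa_addr != NULL && p->ifa_addr->sa_family == AF_INET &&
            ((struct sockaddr_in *)p->ifa_addr)->sin_addr.s_addr == want.s_addr)
            found = 1;
    freeifaddrs(list);
    return found;
}

/* Bind a TCP socket to ip, port 0, optionally setting SO_REUSEADDR first.
 * Returns the port the kernel picked, or -errno from the failing call. */
int probe_bind(const char *ip, int reuseaddr)
{
    struct sockaddr_in sa = { .sin_family = AF_INET }; /* sin_port 0: any free port */
    socklen_t len = sizeof sa;
    int fd, rc, on = 1;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;
    if ((reuseaddr && setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        rc = -errno;
    else
        rc = ntohs(sa.sin_port);
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    const char *ip = argc > 1 ? argv[1] : "0.0.0.0";
    int rc = probe_bind(ip, 1);
    printf("%s: on_if=%d bind=%s\n", ip, addr_on_interface(ip), rc < 0 ? strerror(-rc) : "ok");
    return rc < 0;
}
```

Run it as the same user as the FTP daemon, once against a manually added alias and once against a wackamole-managed one. An address that is reported on an interface but still fails with "Can't assign requested address" matches the symptom in the ProFTPD log.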

Re: Re: Wackamole and ProFTPd on FreeBSD
Eric L. Anderson wrote:

>I did some further investigation of this by looking at the ProFTPd
>source and I noticed the following comment in inet.c:
>
> * FreeBSD 2.2.6 (possibly other versions as well), has a security
> * "feature" which disallows SO_REUSEADDR from working if the socket
> * owners don't match. The easiest thing to do is simply make
> * sure the socket is created as root. (Note: this "feature" seems to
> * apply to _all_ BSDs.)
>
>I then decided to see if I could reproduce this same behavior in a
>program other than ProFTPd and outside of xinetd. I then installed
>tcpserver which is from /usr/ports/sysutils/ucspi-tcp. This program
>fails the same way that ProFTPd does. I first ran tcpserver against a
>non-wackamole managed alias and it works fine:
>
> # tcpserver -v -1 192.168.0.19 0 sh
> 51625
> tcpserver: status: 0/40
>
>I then ran tcpserver against a wackamole managed alias:
>
> # tcpserver -v -1 192.168.0.20 0 sh
> tcpserver: fatal: unable to bind: address not available
>
>Looking at the source for ucspi-tcp, socket_bind.c sets the
>SO_REUSEADDR option. I am running tcpserver as user root and wackamole
>is also running as user root.
>
>So, how do you find out the socket owners?
>
>

It's the effective userid that called the socket() system call.
Wackamole doesn't own any sockets you care about.

After running wackamole, run ifconfig -a and send the output here. And
include your wackamole.conf. It is most likely a wackamole
misconfiguration or bug.


--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Ecelerity: Run with it. -- http://www.omniti.com/


Re: Re: Wackamole and ProFTPd on FreeBSD
On Thu, Sep 08, 2005 at 01:54:37PM -0400, Theo Schlossnagle wrote:
>
> After running wackamole, run ifconfig -a and send the output here. And
> include your wackamole.conf. It is most likely a wackamole
> misconfiguration or bug.

ifconfig -a
++++++++++++++++

bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet 192.168.0.134 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::20d:56ff:fe6f:61a0%bge0 prefixlen 64 scopeid 0x1
        inet 192.168.0.151 netmask 0xffffffff broadcast 192.168.0.151
        inet 192.168.0.140 netmask 0xffffffff broadcast 192.168.0.140
        inet 192.168.0.152 netmask 0xffffffff broadcast 192.168.0.152
        inet 192.168.0.153 netmask 0xffffffff broadcast 192.168.0.153
        inet 192.168.0.144 netmask 0xffffffff broadcast 192.168.0.144
        ether 00:0d:56:6f:61:a0
        media: Ethernet 100baseTX <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
++++++++++++++++

wackamole.conf:
++++++++++++++++
# The Spread daemon we are going to connect to. It should be on the
# local box
Spread = 4803
SpreadRetryInterval = 5s
# The group name
Group = wack1
# Named socket for online control
Control = /var/run/wack.it

# In most cases, I just don't care. Let wackamole decide.
Prefer None

# List all the virtual interfaces (ALL of them)
VirtualInterfaces {
        bge0:192.168.0.140/32
        bge0:192.168.0.144/32
        bge0:192.168.0.152/32
        bge0:192.168.0.153/32
}

# Collect and broadcast the IPs in our ARP table every so often
Arp-Cache = 90s

Notify {
        # Let's notify our router:
        bge0:192.168.0.254/32

        arp-cache
}
balance {
        # This field is the maximum number of IP addresses that will
        # move
        # from one wackamole to another during a round of balancing.
        AcquisitionsPerRound = all
        # Time interval in each balancing round.
        interval = 4s
}
# How long it takes us to mature
mature = 5s
++++++++++++++++

Note that 192.168.0.151 is an IP not managed by wackamole.

--
Eric L. Anderson
anderson@more.net

Re: Re: Wackamole and ProFTPd on FreeBSD
On Thu, Sep 08, 2005 at 01:17:51PM -0500, Eric L. Anderson wrote:
> On Thu, Sep 08, 2005 at 01:54:37PM -0400, Theo Schlossnagle wrote:
> >
> > After running wackamole, run ifconfig -a and send the output here. And
> > include your wackamole.conf. It is most likely a wackamole
> > misconfiguration or bug.
>
> ifconfig -a
> ++++++++++++++++
>
> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
> inet 192.168.0.134 netmask 0xffffff00 broadcast 192.168.0.255
> inet6 fe80::20d:56ff:fe6f:61a0%bge0 prefixlen 64 scopeid 0x1
> inet 192.168.0.151 netmask 0xffffffff broadcast 192.168.0.151
> inet 192.168.0.140 netmask 0xffffffff broadcast 192.168.0.140
> inet 192.168.0.152 netmask 0xffffffff broadcast 192.168.0.152
> inet 192.168.0.153 netmask 0xffffffff broadcast 192.168.0.153
> inet 192.168.0.144 netmask 0xffffffff broadcast 192.168.0.144
> ether 00:0d:56:6f:61:a0
> media: Ethernet 100baseTX <full-duplex>
> status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
> ++++++++++++++++
>
> wackamole.conf:
> ++++++++++++++++
> # The Spread daemon we are going to connect to. It should be on the
> # local box
> Spread = 4803
> SpreadRetryInterval = 5s
> # The group name
> Group = wack1
> # Named socket for online control
> Control = /var/run/wack.it
>
> # In most cases, I just don't care. Let wackamole decide.
> Prefer None
>
> # List all the virtual interfaces (ALL of them)
> VirtualInterfaces {
> bge0:192.168.0.140/32
> bge0:192.168.0.144/32
> bge0:192.168.0.152/32
> bge0:192.168.0.153/32
> }
>
> # Collect and broadcast the IPs in our ARP table every so often
> Arp-Cache = 90s
>
> Notify {
> # Let's notify our router:
> bge0:192.168.0.254/32
>
> arp-cache
> }
> balance {
> # This field is the maximum number of IP addresses that will
> # move
> # from one wackamole to another during a round of balancing.
> AcquisitionsPerRound = all
> # Time interval in each balancing round.
> interval = 4s
> }
> # How long it takes us to mature
> mature = 5s
> ++++++++++++++++
>
> Note that 192.168.0.151 is an IP not managed by wackamole.
>

Any thoughts on this? Configuration error or bug?

--
Eric L. Anderson
anderson@more.net
