wu-ftp: connection lente

Page principale

Répondre à ce message
Auteur: Yves Martin
Date:  
À: guilde
Sujet: wu-ftp: connection lente

Bonjour,

J'ai un problème de connection avec wu-ftp sur une machine en DMZ
... ce qui interdit le reverse-dns depuis la machine client (intranet)

Les options par défaut du /etc/ftpaccess font que la connection est autorisée
malgré tout (invite login) mais cela uniquement après 30 secondes exactement.
[ les ports du firewall/routeur sont ouverts puisque la connection réussit ]

  Pour m'assurer du comportement, j'ai ajouté les lignes:
    dns refuse_mismatch /etc/ftp-warning override
    dns refuse_no_reverse /etc/ftp-warning override
    dns resolveroptions -dnsrch
  d'après la doc  http://www.wu-ftpd.org/man/ftpaccess.html


Mais cela ne change rien... toujours 30 secondes de délai.
Serait-ce un timeout ? pourtant le DNS est configuré correctement,
la commande 'host' répond immédiatement.
J'envisage d'utiliser tcpdump pour observer les paquets.

Quelqu'un a-t-il déjà rencontré le problème ? Toute piste
est la bienvenue.

Voici mon /etc/ftpaccess:

# This file controls the behavior of the wu-ftpd
# ftp server.
#
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
#
# You will need to setup the required applications
# and libraries in the root directory (set using
# guest-root).
#
# Look at the anonftp package for the files you'll need.
guestgroup ftpchroot

# User classes...
class all real,guest,anonymous *

# Set this to your email address
email root@localhost

# Allow 5 mistyped passwords
loginfails 5

# Notify the users of README files at login and when
# changing to a different directory
readme  README*    login
readme  README*    cwd=*


# Messages displayed to the user
message /welcome.msg            login
message .message                cwd=*


# Allow on-the-fly compression and tarring
compress        yes             all
tar             yes             all


# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod           no              guest,anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous


# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound

# If /etc/shutmsg exists, don't allow logins
# see ftpshut man page
shutdown /etc/shutmsg

# Ask users to use their email address as anonymous
# password
passwd-check rfc822 warn

# Avoid reverse DNS
dns refuse_mismatch /etc/ftp-warning override
dns refuse_no_reverse /etc/ftp-warning override
dns resolveroptions -dnsrch


--
Yves Martin