pftpx error "server reply too long"

PF is a very robust firewall solution, but some historical FTP quirks still need a workaround, and one solution is an FTP proxy sitting on the firewall host. Running on FreeBSD and installed from ports, pftpx does this job very well: it can serve internal NAT'ed clients and also run in reverse mode for a server behind NAT. For internal pftpx clients, a few sites may produce the following syslog error:

Apr 3 09:18:03 tori pftpx[1142]: #4102 server reply too long

At the same time on the client trying to connect to the site:

host1:~ user1$ ftp
Connected to X2 WS_FTP Server 4.0.0 (3806493092)
421 Service not available, remote server has closed connection.

It turns out the site sends a very long greeting message, which doesn't fit in the default pftpx buffer, so pftpx ends the connection. A quick-and-dirty solution is to drop the small patch below into the /usr/ports/ftp/pftpx/files/ directory; it simply changes the default buffer size from 500 to 1024, so that the site's greeting message fits.

--- pftpx.c.orig  Tue Apr  3 09:54:17 2007
+++ pftpx.c    Tue Apr  3 09:55:56 2007
@@ -44,7 +44,7 @@
 #define CONNECT_TIMEOUT    30
 #define MIN_PORT   1024
-#define MAX_LINE  500
+#define MAX_LINE  1024
 #define MAX_LOGLINE    300
 #define NTOP_BUFS  3
 #define TCP_BACKLOG    10
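
Review bot: the new MAX_LINE value of 1024 is still a fixed ceiling with no comment saying why it was chosen, so a server whose reply does not fit in 1024 bytes will produce the same "server reply too long" failure. Add a comment beside the define recording the reason for the bump (long greeting from some servers). Since this hunk touches only the define, also confirm that every buffer meant to hold a reply line is sized with MAX_LINE rather than a literal 500, and check whether MAX_LOGLINE, left at 300 in the context lines, is expected to stay in some proportion to it.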

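The failure described above, as an added example that is not pftpx source: a simplified model of a line reader with a fixed limit, fed a constructed greeting line, showing why the 500-byte limit rejects it and why 1024 only moves the threshold. The names `linebuf`, `linebuf_feed` and `greeting_fits` are hypothetical, and the buffering logic is an assumption about the general pattern, not the proxy's actual implementation.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a bounded reply reader; not pftpx source. */
struct linebuf {
    char   data[2048]; /* backing store, larger than any limit tested */
    size_t limit;      /* plays the role of MAX_LINE */
    size_t used;       /* bytes buffered, waiting for a newline */
    int    lines;      /* complete lines relayed so far */
};

/* Feed server bytes. Returns 0, or -1 when the buffer fills before a
 * newline arrives (the "server reply too long" condition). */
static int linebuf_feed(struct linebuf *b, const char *src, size_t len)
{
    while (len > 0) {
        size_t room = b->limit - b->used;
        size_t n = len < room ? len : room;
        char *nl;

        memcpy(b->data + b->used, src, n);
        b->used += n; src += n; len -= n;

        /* Relay each complete line and drop it from the buffer. */
        while ((nl = memchr(b->data, '\n', b->used)) != NULL) {
            size_t linelen = (size_t)(nl - b->data) + 1;
            memmove(b->data, b->data + linelen, b->used - linelen);
            b->used -= linelen;
            b->lines++;
        }
        if (b->used == b->limit)
            return -1; /* full and still no line terminator */
    }
    return 0;
}

/* Constructed input: one greeting line of `width` bytes plus CRLF.
 * Requires 4 <= width <= 2046 and limit <= 2048. */
static int greeting_fits(size_t limit, size_t width)
{
    struct linebuf b = { .limit = limit };
    char line[2048];

    memset(line, 'x', width);
    memcpy(line, "220 ", 4);
    memcpy(line + width, "\r\n", 2);
    return linebuf_feed(&b, line, width + 2) == 0 && b.lines == 1;
}
```

The fixed limit is what keeps a misbehaving server from making the proxy buffer without bound, which is why raising it is a trade-off rather than a pure fix.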