Castaglia / proftpd-mod_proxy

FTP proxy support for ProFTPD
http://www.proftpd.org

Can't configure reverse proxy "HOST not supported by backend server, ignoring" #274

Open epachirkov opened 1 week ago

epachirkov commented 1 week ago

Hello, I have a problem with configuration. I have 2 proftpd servers. I want to set up a reverse proxy. Frontend (proftpd 1.3.6c, IPv4, Ubuntu 20.04, port 22) -> backend (proftpd 1.3.5e, IPv4, Ubuntu 18.04, users saved in MySQL, port 221)

My log:

```
2024-06-24 07:33:58,967 [552857] <proxy.uri:17>: parsed host 'ftp.s.mydomain.com' out of URI 'ftp://second.mydomain.com:221'

2024-06-24 07:34:23,978 [552857] <tls:14>: obtaining passphrase/password for RSA cert for path /etc/letsencrypt/live/ftp.s.mydomain.com/privkey.pem
2024-06-24 07:34:39,207 [552864] <proxy.conn:12>: connecting to backend address BACKEND_IP#221 from FRONTEND_IP#44087
2024-06-24 07:34:39,372 [552864] <proxy.conn:5>: successfully connected to BACKEND_IP#221 from FRONTEND_IP#44087
2024-06-24 07:34:39,372 [552864] <proxy.netio:18>: (inet_openrw) found tls ctrl NetIO
2024-06-24 07:34:39,372 [552864] <proxy.netio:18>: (netio_read) found tls ctrl NetIO
2024-06-24 07:34:39,373 [552864] <proxy.ftp.ctrl:9>: received '220 ProFTPD 1.3.5e Server (Debian) [BACKEND_IP]' response from backend to frontend
2024-06-24 07:34:39,373 [552864] <proxy.reverse:8>: connected to backend 'ftp://second.mydomain.com:221' in 166 ms
2024-06-24 07:34:39,374 [552864] <proxy.ftp.ctrl:9>: proxied FEAT command from frontend to backend
2024-06-24 07:34:39,374 [552864] <proxy.netio:18>: (netio_printf) found tls ctrl NetIO
2024-06-24 07:34:39,374 [552864] <proxy.netio:18>: (netio_read) found tls ctrl NetIO
2024-06-24 07:34:39,411 [552864] <proxy.ftp.ctrl:9>: received '211--Features:
 CCC
 SITE MKDIR
 PBSZ
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 REST STREAM
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 UTF8
 EPRT
 SITE SYMLINK
 EPSV
 SITE UTIME
 LANG ru-RU.UTF-8;ru-RU;en-US.UTF-8*;en-US
 MDTM
 SITE RMDIR
 SSCN
 TVFS
 SITE COPY
 MFMT
 SIZE
 PROT
211 End' response from backend to frontend
2024-06-24 07:34:39,411 [552864] <proxy.ftp.ctrl:9>: backend->frontend response: 220 ProFTPD 1.3.5e Server (Debian) [BACKEND_IP]
2024-06-24 07:34:39,411 [552864] <proxy.ftp.sess:9>: HOST not supported by backend server, ignoring
```

My config mod_proxy:

```
<IfModule mod_proxy.c>
    ProxyEngine on
    ProxyLog /var/log/proftpd/proxy.log
    ProxyTables /var/ftp/proxy
    ProxyRole reverse
    ProxyReverseServers ftp://second.mydomain.com:221
    ProxyTimeoutConnect 30sec
</IfModule>
```

Is the problem "HOST not supported by backend server, ignoring"? If yes, how do I fix it?

Castaglia commented 1 week ago

The log message "HOST not supported by backend server, ignoring" is not necessarily a problem; it is more informational. It is saying that the backend host (ProFTPD 1.3.5e, in your case) doesn't have support for the HOST FTP command mentioned in the FEAT response. The mod_proxy module will send a HOST command to the backend server, if it is supported -- but the lack of HOST support is not a problem.

Your proxied sessions should still work as expected. Do they?
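The FEAT check described above, as an added example that is not part of the original thread and is not mod_proxy's own code: a small C parser for an RFC 2389 FEAT reply that reports whether a feature such as HOST (RFC 7151) is advertised. The function name `feat_has` and both sample replies are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if `feature` is advertised in an RFC 2389 FEAT reply, else 0.
 * Feature lines start with a single space; the feature name is the first
 * token on the line, and anything after it is a parameter. */
int feat_has(const char *reply, const char *feature) {
    size_t flen = strlen(feature);
    const char *line = reply;
    while (*line != '\0') {
        const char *eol = strpbrk(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* Status lines ("211-Features:", "211 End") do not start with a space. */
        if (len > 1 && line[0] == ' ') {
            const char *name = line + 1;
            size_t nlen = strcspn(name, " \r\n");
            if (nlen == flen && strncasecmp(name, feature, flen) == 0)
                return 1;
        }
        line += len;
        while (*line == '\r' || *line == '\n')
            line++;
    }
    return 0;
}

/* Constructed sample: shortened from the backend FEAT reply in the log above. */
static const char FEAT_NO_HOST[] =
    "211-Features:\r\n"
    " AUTH TLS\r\n"
    " EPSV\r\n"
    " PBSZ\r\n"
    " PROT\r\n"
    " SITE MKDIR\r\n"
    "211 End\r\n";

/* Constructed sample: a backend that does advertise HOST (RFC 7151). */
static const char FEAT_WITH_HOST[] =
    "211-Features:\r\n"
    " AUTH TLS\r\n"
    " HOST\r\n"
    "211 End\r\n";

int main(void) {
    printf("HOST advertised: without=%d with=%d\n",
           feat_has(FEAT_NO_HOST, "HOST"), feat_has(FEAT_WITH_HOST, "HOST"));
    return 0;
}
```

Only the first token of a feature line is compared, so a parameter that happens to read `HOST` (for example on a `SITE` line) does not count as HOST support.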

epachirkov commented 6 days ago

Unfortunately it doesn't work. I don't understand whether the problem is in the proxy or in the backend. About the HOST error: it's the only error in the log files. The backend server (ProFTPD 1.3.5e) works fine if I connect to it directly. In FileZilla, when connecting to the proxy after AUTH TLS, I get a "connection closed by server" error. No errors on auth. In the backend server logs I see only:

```
proftpd[3191989] submit-dev ([]): FTP session opened.
proftpd[3191989] submit-dev ([]): FTP session closed.
```

Castaglia commented 5 days ago

Would it be possible to configure your backend ProFTPD 1.3.5e server for debug logging, debug level 10, to get more information on what the errors might be?

epachirkov commented 4 days ago

```
 ROOT PRIVS at main.c:1034
 SETUP PRIVS at main.c:1039
 session requested from client in unknown class
 performing module session initializations
 mod_unique_id/0.2: generating unique session ID
 mod_unique_id/0.2: unique session ID is 'ZoJANgoSAWq84VH9ADOvuajf'
 ROOT PRIVS at mod_sql.c:6155
 RELINQUISH PRIVS at mod_sql.c:6158
 mod_sql/4.3: defaulting to 'mysql' backend
 ROOT PRIVS at mod_tls.c:7647
 RELINQUISH PRIVS at mod_tls.c:7650
 ROOT PRIVS at mod_tls.c:2277
 RELINQUISH PRIVS at mod_tls.c:2303
 mod_tls/2.6: supporting SSLv3, TLSv1, TLSv1.1, TLSv1.2 protocols
 ROOT PRIVS at mod_tls.c:3059
 RELINQUISH PRIVS at mod_tls.c:3068
 ROOT PRIVS at mod_tls.c:3124
 RELINQUISH PRIVS at mod_tls.c:3126
 ROOT PRIVS at mod_tls.c:3209
 RELINQUISH PRIVS at mod_tls.c:3728
 mod_cap/1.1: adding CAP_AUDIT_WRITE capability
 mod_ident/1.0: ident lookup disabled
 ROOT PRIVS at mod_delay.c:1756
 RELINQUISH PRIVS at mod_delay.c:1759
 ROOT PRIVS at mod_log.c:2119
 RELINQUISH PRIVS at mod_log.c:2122
 ROOT PRIVS at mod_auth.c:140
 opening scoreboard '/run/proftpd.scoreboard'
 RELINQUISH PRIVS at mod_auth.c:142
 connected - local  : <backend_ip>:221
 connected - remote : <proxy_ip>:39597
 FTP session opened.
 dispatching PRE_CMD command 'FEAT' to mod_exec
 dispatching PRE_CMD command 'FEAT' to mod_rewrite
 dispatching PRE_CMD command 'FEAT' to mod_tls
 dispatching PRE_CMD command 'FEAT' to mod_core
 dispatching PRE_CMD command 'FEAT' to mod_core
 dispatching CMD command 'FEAT' to mod_core
 in dir_check_full(): path = '', fullpath = ''.
 dispatching POST_CMD command 'FEAT' to mod_exec
 dispatching POST_CMD command 'FEAT' to mod_sql
 dispatching LOG_CMD command 'FEAT' to mod_sql
 dispatching LOG_CMD command 'FEAT' to mod_log
 mod_tls/2.6: scrubbing 1 passphrase from memory
 FTP session closed.
 scrubbing scoreboard
 ROOT PRIVS at scoreboard.c:1541
 RELINQUISH PRIVS at scoreboard.c:1544
 ROOT PRIVS at scoreboard.c:1575
 RELINQUISH PRIVS at scoreboard.c:1681
 finished scrubbing scoreboard
```

Castaglia commented 1 day ago

Hmm. Those backend logs don't seem to indicate any issue.

Do the logs from the proxy server (ProxyLog, and/or debug logging) show any other details or clues? Could you provide those logs in full, so we can see what else might be occurring?