Discussion:
[Proftpd-user] Understanding "MaxHostsPerUser" config
Matheus Fernandes
2016-06-15 14:35:08 UTC
Permalink
My MaxHostsPerUser is set to 3. What is happening here is that proftpd is
limiting concurrent transfer from 2 ips at the same time and I always hit
this limit without actually having the 3 ips that I previously set. The log
say: (max hosts per host 3).

The directive MaxHostsPerUser supposedly limit a number x of ip addresses
that connects to the server with one specific user, right?
TJ Saunders
2016-06-15 16:17:08 UTC
Permalink
Post by Matheus Fernandes
My MaxHostsPerUser is set to 3. What is happening here is that proftpd is
limiting concurrent transfer from 2 ips at the same time and I always hit
this limit without actually having the 3 ips that I previously set. The log
say: (max hosts per host 3).
The directive MaxHostsPerUser supposedly limit a number x of ip addresses
that connects to the server with one specific user, right?
Correct. MaxHostsPerUser says that for the logging-in user -- at login
time -- there cannot be more than the configured limit of _different_
client IP addresses using that user name.

If it seems that MaxHostsPerUser is enforcing its limit early (i.e. 2
clients rather than 3), you might check your ScoreboardFile (using e.g.
ftpwho) to see if it contains entries from some other IP address using
that user name; the ScoreboardFile is what proftpd uses for checking the
MaxHostsPerUser (and other) limits.

Hope this helps,
TJ

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
ProFTPD Users List <proftpd-***@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Matheus Fernandes
2016-06-15 16:49:36 UTC
Permalink
Thanks for the response TJ!

I was using ftptop (it shows the same as ftpwho, but updates in real time),
and I saw only 2 ips were connected at the same time, there were no other
ips connected.

What I noticed was: (2 ips/hosts connected at same time) when one ip is
uploading something, if the other one tries to send something at that same
time, he gets the 'max hosts reached 3' error. But if the first one
finishes uploading (but stays connected), the second one is 'released' and
can upload with no problem.

I think this could be a bug and it happens with versions 1.3.4a-1 and
1.3.5~rc3-2.1ubuntu2
Post by TJ Saunders
Post by Matheus Fernandes
My MaxHostsPerUser is set to 3. What is happening here is that proftpd is
limiting concurrent transfer from 2 ips at the same time and I always hit
this limit without actually having the 3 ips that I previously set. The log
say: (max hosts per host 3).
The directive MaxHostsPerUser supposedly limit a number x of ip addresses
that connects to the server with one specific user, right?
Correct. MaxHostsPerUser says that for the logging-in user -- at login
time -- there cannot be more than the configured limit of _different_
client IP addresses using that user name.
If it seems that MaxHostsPerUser is enforcing its limit early (i.e. 2
clients rather than 3), you might check your ScoreboardFile (using e.g.
ftpwho) to see if it contains entries from some other IP address using
that user name; the ScoreboardFile is what proftpd uses for checking the
MaxHostsPerUser (and other) limits.
Hope this helps,
TJ
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.
http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
TJ Saunders
2016-06-15 17:26:07 UTC
Permalink
Post by Matheus Fernandes
I was using ftptop (it shows the same as ftpwho, but updates in real
time), and I saw only 2 ips were connected at the same time, there were no other
ips connected.
What I noticed was: (2 ips/hosts connected at same time) when one ip is
uploading something, if the other one tries to send something at that
same time, he gets the 'max hosts reached 3' error. But if the first one
finishes uploading (but stays connected), the second one is 'released'
and can upload with no problem.
What does your full proftpd.conf look like? In particular, I am
wondering if you might be encountering limits other than
MaxHostsPerUser...

TJ

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
ProFTPD Users List <proftpd-***@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Matheus Fernandes
2016-06-15 17:47:09 UTC
Permalink
I don't think i'm hitting other limits because if I increase only the
MaxHostsPerUser to 5 for example I can send simultaneously from both ips
with no problem.

But I attached my full proftpd.conf as requested.

Thanks
Post by Matheus Fernandes
Post by Matheus Fernandes
I was using ftptop (it shows the same as ftpwho, but updates in real
time), and I saw only 2 ips were connected at the same time, there were
no other
Post by Matheus Fernandes
ips connected.
What I noticed was: (2 ips/hosts connected at same time) when one ip is
uploading something, if the other one tries to send something at that
same time, he gets the 'max hosts reached 3' error. But if the first one
finishes uploading (but stays connected), the second one is 'released'
and can upload with no problem.
What does your full proftpd.conf look like? In particular, I am
wondering if you might be encountering limits other than
MaxHostsPerUser...
TJ
TJ Saunders
2016-06-17 20:08:50 UTC
Permalink
Post by Matheus Fernandes
I was using ftptop (it shows the same as ftpwho, but updates in real
time), and I saw only 2 ips were connected at the same time, there were no other
ips connected.
What I noticed was: (2 ips/hosts connected at same time) when one ip is
uploading something, if the other one tries to send something at that
same time, he gets the 'max hosts reached 3' error. But if the first one
finishes uploading (but stays connected), the second one is 'released'
and can upload with no problem.
Much of this will depend on *exactly* how the FTP clients in question
handle data transfers.

Some FTP clients, for example, will actually use multiple different FTP
sessions to the FTP server. Most times this is done as part of
providing "download/upload acceleration": each separate FTP session
initiates a separate data transfer (upload or download) for a _part_ of
the file in question, and the orchestrating code on the client end
re-assembles everything together.

If the clients you are using behave like the above, then there would be
one FTP session for the login/browsing, and a _separate_ FTP session
which causes the upload/download.

Thus you say you saw 2 different IPs connected. Good. Then you saw
another client is sending something; if that's using another session,
that would be 3 FTP sessions for that user -- hence the MaxHostsPerUser.
The other client, attempting to transfer something at that time (using
a separate FTP sessions) would mean 4 sessions -- exceeding the limit.
This would also explain how, once the first client ends its transfer,
there is an "open slot" for the second client.

Does that make sense?

TJ

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
ProFTPD Users List <proftpd-***@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Matheus Fernandes
2016-06-17 20:56:31 UTC
Permalink
Thanks for the reply TJ.
I still dont get it. It just doesn't make sense. In my opinion, the limit
that should be reaching in this case is MaxClientsPerUser and not
MaxHostsPerUser, cause I'm making more connections with same ip connected.
'Hosts' is associated to IPs, right? So if I have 3 ips connecting with one
user, I should be sending 3 files, one for each ip.

I will increase my MaxHostsPerUser to be the same as MaxClientsPerUser so I
won't have this limit problem.

I'm sorry to bother you with this misunderstanding.. I really appreciate
your time for explaining it all!!

Thanks man
Post by Matheus Fernandes
Post by Matheus Fernandes
I was using ftptop (it shows the same as ftpwho, but updates in real
time), and I saw only 2 ips were connected at the same time, there were
no other
Post by Matheus Fernandes
ips connected.
What I noticed was: (2 ips/hosts connected at same time) when one ip is
uploading something, if the other one tries to send something at that
same time, he gets the 'max hosts reached 3' error. But if the first one
finishes uploading (but stays connected), the second one is 'released'
and can upload with no problem.
Much of this will depend on *exactly* how the FTP clients in question
handle data transfers.
Some FTP clients, for example, will actually use multiple different FTP
sessions to the FTP server. Most times this is done as part of
providing "download/upload acceleration": each separate FTP session
initiates a separate data transfer (upload or download) for a _part_ of
the file in question, and the orchestrating code on the client end
re-assembles everything together.
If the clients you are using behave like the above, then there would be
one FTP session for the login/browsing, and a _separate_ FTP session
which causes the upload/download.
Thus you say you saw 2 different IPs connected. Good. Then you saw
another client is sending something; if that's using another session,
that would be 3 FTP sessions for that user -- hence the MaxHostsPerUser.
The other client, attempting to transfer something at that time (using
a separate FTP sessions) would mean 4 sessions -- exceeding the limit.
This would also explain how, once the first client ends its transfer,
there is an "open slot" for the second client.
Does that make sense?
TJ
Christopher Murley
2016-06-17 21:06:26 UTC
Permalink
TJ Is most likely correct, FTP clients now "shotgun" connections for
better throughput.

Run a netstat on your box and you'll see multiple connections.
--
Regards,

-Chris

______________________________
Christopher D. Murley
Director of Network Operations
TownNews.Com - 800.293.9576
Post by Matheus Fernandes
Thanks for the reply TJ.
I still dont get it. It just doesn't make sense. In my opinion, the limit
that should be reaching in this case is MaxClientsPerUser and not
MaxHostsPerUser, cause I'm making more connections with same ip connected.
'Hosts' is associated to IPs, right? So if I have 3 ips connecting with one
user, I should be sending 3 files, one for each ip.
I will increase my MaxHostsPerUser to be the same as MaxClientsPerUser so I
won't have this limit problem.
I'm sorry to bother you with this misunderstanding.. I really appreciate
your time for explaining it all!!
Thanks man
Post by Matheus Fernandes
Post by Matheus Fernandes
I was using ftptop (it shows the same as ftpwho, but updates in real
time), and I saw only 2 ips were connected at the same time, there
were
no other
Post by Matheus Fernandes
ips connected.
What I noticed was: (2 ips/hosts connected at same time) when one ip
is
Post by Matheus Fernandes
uploading something, if the other one tries to send something at that
same time, he gets the 'max hosts reached 3' error. But if the first
one
Post by Matheus Fernandes
finishes uploading (but stays connected), the second one is 'released'
and can upload with no problem.
Much of this will depend on *exactly* how the FTP clients in question
handle data transfers.
Some FTP clients, for example, will actually use multiple different FTP
sessions to the FTP server. Most times this is done as part of
providing "download/upload acceleration": each separate FTP session
initiates a separate data transfer (upload or download) for a _part_ of
the file in question, and the orchestrating code on the client end
re-assembles everything together.
If the clients you are using behave like the above, then there would be
one FTP session for the login/browsing, and a _separate_ FTP session
which causes the upload/download.
Thus you say you saw 2 different IPs connected. Good. Then you saw
another client is sending something; if that's using another session,
that would be 3 FTP sessions for that user -- hence the MaxHostsPerUser.
The other client, attempting to transfer something at that time (using
a separate FTP sessions) would mean 4 sessions -- exceeding the limit.
This would also explain how, once the first client ends its transfer,
there is an "open slot" for the second client.
Does that make sense?
TJ
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.
http://sdm.link/zohomanageengine_______________________________________________
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
ProFTPD Users List <proftpd-***@proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
Loading...