0
root@www:~# cat /etc/pure-ftpd/conf/MaxClientsNumber 
100
root@www:~# cat /etc/pure-ftpd/conf/MaxClientsPerIP 
50

Restarting ftp server: Running:

/usr/sbin/pure-ftpd -l extauth:/var/run/ftpd-auth.sock -l pam -y 150:0 -c 100 -C 50 -H -P 10.8.1.7 -u 1000 -p 18000:18020 -E -Y 1 -U 113:002 -R -A -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -B

But getting this error when trying to connect more than 10 times. On client:

421 10 users (the maximum) are already logged in, sorry

Running Ubuntu 10.10

I'm stumped.

Diamond
poopa

2 Answers

0

-p 18000:18020 only allows 21 ports to be used.

You need at least twice the amount of users you want to allow simultaneously.

In general, you don't want the port range to be small, but as large as possible.

Richard Slater
Frank Denis
0

An answer I got from pureftp support mailing list:

Sorry if this is insanely picky, but I'd like to correct some things from lacibusiness's response. It is always best to explain things accurately to avoid misconceptions.

First, to confirm what was right (and great, and helpful, and was a quick reply which is always awesome) about what was said: Yes, the number of allowed FTP control connections will be limited to 1/2 the size of the passive port range. So if your range covers 21 ports (as yours does, 18000 - 18020) then half that is 10.5. Pure-ftpd essentially rounds that down to 10, and enforces a rule that you can only have that number (10 in this case) ftp sessions at a time.

But to correct the inaccuracies:

FTP opens 2 new passive ftp connections for every client

This is not technically correct. Rather, you could say that Pure-ftpd wants to ensure that at least 2 passive connections could be used during each ftp session. It may not open both. It may not even open one. I think it could even open 3 or many more, depending on how many data-oriented tasks (file transfers and dir lists) the ftp session actually performs. You might say that Pure-ftpd wants to reserve the ability to open passive data connections, so it is protective of the passive port usage.

Since TCP ports can take a bit of time before they are allowed to be reused, Pure-ftpd (in implementing this philosophy) is rather cautious. If there are 10 FTP control connections present, then (even if there are NO passive data connections currently open), it considers that each session might need an average of 2 connections, and therefore it believes a reserve of 20 ports is advisable. And in fact it is coded to require this.

That "reserve" must come from the "PassivePortRange" (aka the -p setting), so the width of your range must be twice the number of ftp client sessions which you want to support.

since you only have 20 passive ports open

It would probably be better to say "available" rather than "open". Because in the sense of an open tcp connection, he may not have 20 passive ports "open." He may not have any open at all. Rather, he has a defined range of 21 ports to possibly open for passive data connections.

Darcy Darcy.Partridge@suse.com

poopa
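
The sizing rule from the two answers above, as an added shell example (not pure-ftpd's own code and not written by either poster): it reads the `-c` and `-p` values from a pure-ftpd command line and reports the session limit that results, plus the smallest range for a target session count. The function names are hypothetical, and it assumes options and values are separated by spaces, as in the question.

```shell
#!/bin/sh
# Added example, not pure-ftpd code. Rule taken from the answers above:
# sessions allowed = floor(passive port count / 2), also capped by -c.

# passive_width LOW:HIGH -> number of ports in the inclusive range
passive_width() {
    echo $(( ${1##*:} - ${1%%:*} + 1 ))
}

# required_range LOW SESSIONS -> smallest LOW:HIGH range for that many sessions
required_range() {
    echo "$1:$(( $1 + 2 * $2 - 1 ))"
}

# effective_sessions "CMDLINE" -> session limit that will be enforced.
# Runs in a subshell so set -f and the variables stay local.
effective_sessions() (
    set -f                      # no globbing while splitting the command line
    set -- $1
    max_clients="" range=""
    while [ $# -gt 0 ]; do
        case $1 in
            -c) max_clients=${2:-} ;;   # MaxClientsNumber (-C is per-IP, ignored)
            -p) range=${2:-} ;;         # PassivePortRange
        esac
        shift
    done
    if [ -z "$range" ]; then
        echo "no -p range on command line" >&2
        exit 2
    fi
    by_ports=$(( $(passive_width "$range") / 2 ))
    if [ -n "$max_clients" ] && [ "$max_clients" -lt "$by_ports" ]; then
        echo "$max_clients"
    else
        echo "$by_ports"
    fi
)

# Command line from the question, shortened to the options that matter here.
SAMPLE_CMDLINE='/usr/sbin/pure-ftpd -l pam -c 100 -C 50 -H -p 18000:18020 -E -B'

echo "effective limit: $(effective_sessions "$SAMPLE_CMDLINE")"
echo "range for 100 sessions: $(required_range 18000 100)"
```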