
pftpx error "server reply too long"

PF is a very robust firewall solution, but for some historical FTP glitches you still need a workaround, and one solution is an FTP proxy sitting on the firewall host. Running on FreeBSD and installed from ports, pftpx does this job very well: it can serve internal NAT’ed clients and also run in reverse mode for a server behind NAT. For internal pftpx clients, though, there may be a few sites that produce the following syslog error:

Apr 3 09:18:03 tori pftpx[1142]: #4102 server reply too long

At the same time on the client trying to connect to the site:

host1:~ user1$ ftp ftp.alientechnology.com
Connected to ftp.alientechnology.com.
220-ftp.alientechnology.com X2 WS_FTP Server 4.0.0 (3806493092)
421 Service not available, remote server has closed connection.
ftp> 

It turns out the site sends a very long greeting message, which doesn’t fit in the default pftpx buffer, so pftpx ends the connection. A quick-and-dirty solution is to drop the small patch below into the /usr/ports/ftp/pftpx/files/ directory; it just changes the default buffer size from 500 to 1024, so the site’s greeting message will fit.
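To see why a fixed limit produces this failure, here is an added example (not pftpx code and not part of the original post): a minimal line reader with a per-line cap standing in for MAX_LINE. The names linebuf, feed and try_greeting, the per-line interpretation of the limit, and the 600-byte greeting are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative only: NOT pftpx code. All names here are hypothetical. */
struct linebuf {
    char   buf[2048];   /* backing storage; max_line must not exceed this */
    size_t len;         /* bytes of the current, still unterminated line */
    size_t max_line;    /* per-line cap, playing the role of MAX_LINE */
};

/* Feed n bytes read from the server. Returns the number of complete lines,
 * or -1 as soon as a line reaches max_line bytes without a '\n'. */
static int feed(struct linebuf *lb, const char *data, size_t n)
{
    int lines = 0;
    for (size_t i = 0; i < n; i++) {
        if (lb->len >= lb->max_line)
            return -1;              /* the "server reply too long" case */
        lb->buf[lb->len++] = data[i];
        if (data[i] == '\n') {
            lines++;
            lb->len = 0;            /* start collecting the next line */
        }
    }
    return lines;
}

/* Build a constructed two-line greeting whose first line is banner_len
 * bytes (including CRLF) and feed it in 100-byte chunks, as a socket might. */
static int try_greeting(size_t max_line, size_t banner_len)
{
    struct linebuf lb = { .len = 0, .max_line = max_line };
    char msg[2048];
    int lines = 0;

    memset(msg, 'x', banner_len);
    memcpy(msg, "220-", 4);
    memcpy(msg + banner_len - 2, "\r\n", 2);
    strcpy(msg + banner_len, "220 ready\r\n");
    size_t total = strlen(msg);
    for (size_t off = 0; off < total; off += 100) {
        size_t n = total - off < 100 ? total - off : 100;
        int r = feed(&lb, msg + off, n);
        if (r < 0) return -1;
        lines += r;
    }
    return lines;
}

int main(void)
{
    printf("cap 500:  %d\n", try_greeting(500, 600));
    printf("cap 1024: %d\n", try_greeting(1024, 600));
    return 0;
}
```

A larger cap only moves the threshold: any line longer than the new value is rejected in the same way.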

--- pftpx.c.orig	Tue Apr  3 09:54:17 2007
+++ pftpx.c	Tue Apr  3 09:55:56 2007
@@ -44,7 +44,7 @@
 
 #define CONNECT_TIMEOUT	30
 #define MIN_PORT	1024
-#define MAX_LINE	500
+#define MAX_LINE	1024
 #define MAX_LOGLINE	300
 #define NTOP_BUFS	3
 #define TCP_BACKLOG	10
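
Review bot: The new MAX_LINE value of 1024 is still an unexplained fixed cap, so a server reply longer than 1024 bytes will end in the same "server reply too long" error; a short comment on the define stating why 1024 was chosen would help whoever has to raise it next. MAX_LOGLINE on the following line stays at 300, so it is worth confirming that no log call copies a full MAX_LINE-sized reply into a MAX_LOGLINE-sized buffer, and that every buffer meant to hold a line is declared with the macro rather than a literal 500.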