Koozali.org: home of the SME Server

ConcurrencyPerIP questions

Offline davelister

  • *
  • 51
  • +0/-0
    • IgnitionJournal
ConcurrencyPerIP questions
« on: April 19, 2010, 10:19:32 AM »
Sorry it is me again. I am having problems with ftp. I am get the 421 errors stating I have reached the host concurrency limit.

Can you please point me in the right direction here. So far I have created a custom template by
mkdir /etc/e-smith/templates-custom/var/service/ftp/peers/local/ConcurrencyPerIP

then I created a file called C16 within /etc/e-smith/templates-custom/var/service/ftp/peers/local/ConcurrencyPerIP
touch C16

then I edited C16 to contain nothing but 'C16'

I then expanded the template
expand-template /var/service/ftp/peers/local

then restarted the ftp service

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: ConcurrencyPerIP questions
« Reply #1 on: April 19, 2010, 01:33:29 PM »
(Note: please forgive me if this is way, way more info than you wanted...)

In order to override a SME template, the filename in .../templates-custom/... should to be identical to the filename in .../templates/...; I'm not sure what happens if you create a folder with the same name as a default template fragment (instead of a file).

It looks to me like the file that sets C4 in /var/service/ftp/peers/local is /etc/e-smith/templates/var/service/ftp/peers/local/ConcurrencyPerIP, so the file you should create a file named /etc/e-smith/templates-custom/var/service/ftp/peers/local/ConcurrencyPerIP

In general, here's how I go about creating a custom template:

1) Identify the service performing the task I want to customize
2) Identify the configurataion file that needs to be customized
3) Change the config file manually
4) Restart the affected service
5) Verify that restarting the service did not return the config file to the original configuration (dnscache, for example, regenerates .../dnscache/root/servers each time the service is restarted)
6) Verify that the change introduced fixes the problem I am addressing
7) Locate the default template fragment that generates the piece of the config file I want to modify
8) copy the default template fragment into the appropriate .../templates-custom/... folder tree
9) edit the .../templates-custom/... copy of the template fragment
10) use expand-template to regenerate the target config file
11) verify (using file date and time, or by using a slightly different value for the new parameter than was used in step 3) that the config file now contains the output generated by the new custom template fragement.
12) re-test
13) Document the operation in the wiki if it seems to me that the info would be useful to others

Not every config option of every program is templated; for example, there is no template (that I can find) to control /var/service/qpsmtpd/config.

Not every template is in the location you might expect (.../qpsmtpd/peers/0 is built using the template fragments in .../qpsmtpd/config/plugins due to the instructions in .../templates.metadata/...).

Not every function is controlled by only one template (or config file) - email attachment size, for example, is affected by settings in qmail, qpsmtpd, php and clamd.

Finally, template fragments are processed alpha-numerically - so be sure that your customizations are inserted into the target config file in a sensible location.


In your case:
- Does replacing the default "C4" with "C16" in /var/service/ftp/peers/local have the desired results?
(/var/log/ftp/current tells you your "concurrency" value for each subnet when you establish a connection)

- If so, does your custom template fragment generate the desired content for that file?


Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: ConcurrencyPerIP questions
« Reply #2 on: April 19, 2010, 03:58:32 PM »
Sorry it is me again. I am having problems with ftp. I am get the 421 errors stating I have reached the host concurrency limit.

Your first step should be to diagnose why you are having that problem. Why do you have one IP address creating too many concurrent ftp connections to your server?

I would further ask - why are you using ftp anyway? It is a fundamentally insecure protocol (uses cleartext passwords).

Offline davelister

  • *
  • 51
  • +0/-0
    • IgnitionJournal
Re: ConcurrencyPerIP questions
« Reply #3 on: April 19, 2010, 11:00:39 PM »
Thanks for the help so mmcarn I see from your reply where I have made a mistake :-)

However, before I go correcting my mistake can I ask you Charlie is the 'other way' you are suggesting 'vpn'? If so the reason I use ftp in this situation is because I am on a shared computer here and did not want to give this computer vpn access. However, if you mean some way other than vpn I would be keen to hear what it is!

I suspect the too many concurrent ftp connections was my ftp client trying to download a directory containing 100's of files. If I only attempted to download 3 at a time all was fine.

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: ConcurrencyPerIP questions
« Reply #4 on: April 19, 2010, 11:05:25 PM »
I suspect the too many concurrent ftp connections was my ftp client trying to download a directory containing 100's of files. If I only attempted to download 3 at a time all was fine.

Change the configuration of your ftp client, or use a different ftp client.

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: ConcurrencyPerIP questions
« Reply #5 on: April 19, 2010, 11:05:49 PM »
However, before I go correcting my mistake can I ask you Charlie is the 'other way' you are suggesting 'vpn'?

WInSCP.

Offline davelister

  • *
  • 51
  • +0/-0
    • IgnitionJournal
Re: ConcurrencyPerIP questions
« Reply #6 on: April 19, 2010, 11:52:10 PM »
thanks very much. In this one posting I have learnt want I was doing wrong with making custom templates and I have also learnt a way of doing something I want to do without making a custom template. I love it!