duplicity-talk

Re: [Duplicity-talk] connect failed: Invalid argument.


From: Tim Riemenschneider
Subject: Re: [Duplicity-talk] connect failed: Invalid argument.
Date: Tue, 26 May 2009 00:24:35 +0200
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

Kenneth Loafman wrote:
> Tim Riemenschneider wrote:
>   
>> address@hidden wrote:
>>     
>>> Hello,
>>>
>>> I am getting the following error:
>>>
>>> address@hidden duplicity-0.5.17]$ FTP_PASSWORD=xxxxxx /usr/bin/duplicity 
>>> /usr/local/  ftp://address@hidden:2121/backup/
>>> NcFTP version is 3.2.2
>>> connect failed: Invalid argument.
>>> connect failed: Invalid argument.
>>> connect failed: Invalid argument.
>>> Running 'ncftpls -f /tmp/duplicity-QkE_hG-tempdir/mkstemp-dbsEHg-1 -F -t 30 
>>> -o useCLNT=0,useHELP_SITE=0  -P '2121' -l 'ftp://localhost:2121/backup/'' 
>>> failed (attempt #1)
>>>
>>> It would be great if someone could shine some light on the "Invalid 
>>> argument" error.
>>>
>>> A little more about my setup. I am using a ssh tunnel to get to the main 
>>> host of my webserver and from there I go to the ftp server. Manually 
>>> everything works, i.e. I can login to the server via the tunnel. Also, if I 
>>> supply the wrong password to duplicity I get a wrong password error - so the 
>>> connection is working. 
>>>
>>> Thank you very much for your help.
>>> Best wishes,
>>> Phil
>>>
>>>   
>>>       
>> I don't think that that can work. FTP uses two different streams: the
>> control-stream for the commands and the data for, well, the data.
>> When you tunnel port 21, you only tunnel the control-stream, not the
>> data-stream.
>> Sometimes this does work, but often it doesn't.
>> Specifically:
>> When the server is only available to some hosts, not the whole internet
>> (this is your case, I assume): the control-stream is tunneled from your
>> server-to-be-backuped to your webhost and from there to the ftpserver.
>> That means for the ftpserver the connection seemingly comes from your
>> webhost and is allowed. However when a data-stream is required, your
>> server tries to reach the ftpserver directly, which is probably not allowed.
>> But even when the ftpserver is available from everywhere, most
>> ftpservers check the source-address of the data-stream and discard
>> packages not coming from the connected host.
>>     
>
> If you tunnel correctly (he never supplied those commands), then it's
> possible, but I'm now wondering "Why use FTP?".  He has SSH access and
> duplicity works with SSH, so why all the fuss with tunneling, etc.
>
> Methinks I've been answering the wrong question all along.
>
> ...Ken
>   
Are you sure? Then I'd really like to know how such a tunnel has to be set up.
Because a tunnel set up with:
ssh -L 2121:ftpserver:21 address@hidden

does not work. ncftp trace (a bit different than Phil's):
ncftp ftp://address@hidden:2121/
SESSION STARTED at:  2009-05-26 00:03:21 CEST +0200
   Program Version:  NcFTP 3.2.1/349 Jul 29 2007, 09:55 AM
   Library Version:  LibNcFTP 3.2.1 (August 13, 2007)
        Process ID:  30569
          Platform:  linux-x86-glibc2.6
          Hostname:    (rc=-2)
          Terminal:  xterm
00:03:21  Fw: firewall.domain.com  Type: 0  User: tim  Pass: ********  Port: 21
00:03:21  FwExceptions: .probe.net,localhost,foo.bar.com,localdomain
00:03:21  NOTE:  Your domain name could not be detected.
00:03:21  Resolving localhost...
00:03:21  Connecting to 127.0.0.1...
00:03:21  LibNcFTP 3.2.1 (August 13, 2007) compiled for linux-x86-glibc2.6
00:03:21  Uname: Linux|targa|2.6.29|#1 Tue May 5 18:02:31 CEST 2009|i686
00:03:21  Glibc: 2.9 (stable)
00:03:21  Logging in...
00:03:21  220: --------- Welcome to Pure-FTPd [TLS] ----------
00:03:21       You are user number 1 of 50 allowed.
00:03:21       Local time is now 00:03. Server port: 21.
00:03:21       This is a private system - No anonymous login
00:03:21       IPv6 connections are also welcome on this server.
00:03:21       You will be disconnected after 15 minutes of inactivity.
00:03:21  Connected to 127.0.0.1.
00:03:21  Cmd: USER someuser
00:03:23  331: User someuser OK. Password required
00:03:23  Cmd: PASS xxxxxxxx
00:03:23  Logging in...
00:03:23  230: User someuser has group access to:  somegroup
00:03:23       OK. Current restricted directory is /
00:03:23  Cmd: PWD
00:03:23  257: "/" is your current location
00:03:23  Logged in to 127.0.0.1 as someuser.
00:03:23  Cmd: FEAT
00:03:23  211: Extensions supported:
00:03:23        EPRT
00:03:23        IDLE
00:03:23        MDTM
00:03:23        SIZE
00:03:23        REST STREAM
00:03:23        MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
00:03:23        MLSD
00:03:23        ESTP
00:03:23        PASV
00:03:23        EPSV
00:03:23        SPSV
00:03:23        ESTA
00:03:23        AUTH TLS
00:03:23        PBSZ
00:03:23        PROT
00:03:23       End.
00:03:23  Cmd: HELP SITE
00:03:23  214: The following SITE commands are recognized
00:03:23        ALIAS
00:03:23        CHMOD
00:03:23        IDLE
00:03:23        UTIME
00:03:23       Pure-FTPd - http://pureftpd.org/
00:03:23  Logged in to localhost.
00:03:23  Cmd: CLNT NcFTP 3.2.1 linux-x86-glibc2.6
00:03:23  500: Unknown command
00:03:23  Cmd: PWD
00:03:23  257: "/" is your current location
00:03:26  > ls

00:03:26  Cmd: OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
00:03:26  200:  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
00:03:26  Cmd: PASV
00:03:26  227: Entering Passive Mode (XX,XX,XX,XX,215,67)
00:03:26  connect failed: Das Argument ist ungültig.
00:03:26  Falling back to PORT instead of PASV mode.
00:03:26  Cmd: PORT 127,0,0,1,163,101
00:03:26  500: I won't open a connection to 127.0.0.1 (only to YY.YY.YY.YY)
00:03:32  Save? (yes/no) no

(with XX.XX.XX.XX being the ftphost, YY.YY.YY.YY the tunnelhost...)
(when I search for "ftp ssh tunnel" on google, I see only howtos saying
you have to use PASSIVE-Mode)

And to the why: I assume that Phil has a dedicated webserver with
backupspace included. The usual setup is a rootserver in a datacenter,
backupspace as FTP in the same datacenter, only accepting connections
from within the datacenter.
When you now want to backup your server at home (for example), you can't
directly FTP to the backupserver, since you are on the "outside". So you
would need to tunnel the FTP through your rootserver to the backuphost.

So IMO the only two options you (@Phil) have:
Either backup to your webserver with duplicity and move/copy the backups
to the ftpserver afterwards yourself.
Or replace the ssh-tunnel by something more sophisticated: "man
openvpn", f.e. ;-) (only if the webhost is really a rootserver, ie. you
are able to install openvpn there....)

cu
Tim
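
Added example, not part of the original message: a short Python diagnostic that decodes the `h1,h2,h3,h4,p1,p2` fields of the PASV reply and the PORT command in an ncftp trace and reports which data connections fall outside the forwarded control port. The trace is constructed from the log above, with 192.0.2.10 (a documentation address) assumed in place of the masked FTP host; the function names are illustrative.

```python
import re

# Constructed trace modelled on the ncftp log in the message above;
# 192.0.2.10 stands in for the masked FTP host (XX.XX.XX.XX).
SAMPLE_TRACE = """\
00:03:21  Connecting to 127.0.0.1...
00:03:26  Cmd: PASV
00:03:26  227: Entering Passive Mode (192,0,2,10,215,67)
00:03:26  Cmd: PORT 127,0,0,1,163,101
"""

HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"

def decode_hostport(fields):
    """Turn the six decimal octets h1,h2,h3,h4,p1,p2 into (ip, port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: %r" % (fields,))
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_endpoints(trace):
    """Return the control peer and the PASV/PORT data endpoints in a trace."""
    result = {"control": None, "pasv": None, "port": None}
    for line in trace.splitlines():
        m = re.search(r"Connecting to (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            result["control"] = m.group(1)
        m = re.search(r"227: .*\(" + HOSTPORT + r"\)", line)
        if m:
            result["pasv"] = decode_hostport(m.groups())
        m = re.search(r"Cmd: PORT " + HOSTPORT, line)
        if m:
            result["port"] = decode_hostport(m.groups())
    return result

def diagnose(trace):
    """Explain which data connections bypass the forwarded control port."""
    ep = data_endpoints(trace)
    findings = []
    if ep["pasv"] and ep["pasv"][0] != ep["control"]:
        findings.append("PASV: client must connect directly to %s:%d, "
                        "outside the tunnel" % ep["pasv"])
    if ep["port"] and ep["port"][0].startswith("127."):
        findings.append("PORT: server is asked to connect to loopback %s:%d, "
                        "which is not the client" % ep["port"])
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_TRACE)))
```
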




