Differences

This shows you the differences between two versions of the page.

faq:tcpip [2019/08/08 21:08]
digital man [SSH Session Key] mention ssl.cert and system-password dependency
faq:tcpip [2020/06/01 21:33] (current)
digital man [Rebind] TIME WAIT or CLOSE WAIT - both are indications of the same problem
Line 11: Line 11:
   * [[#​ftp_connect|Why can't users connect to my FTP server]]? ​   * [[#​ftp_connect|Why can't users connect to my FTP server]]? ​
   * [[#​ftp_nat|Why do FTP clients lock-up or time-out when listing directories or downloading files from my FTP server]]? ​   * [[#​ftp_nat|Why do FTP clients lock-up or time-out when listing directories or downloading files from my FTP server]]? ​
 +  * [[#​ftp_html|Why won't a web browser render HTML content from my FTP Server]]?
   * [[#bind|Why do some or all of my servers get bind errors when starting or recycling]]? ​   * [[#bind|Why do some or all of my servers get bind errors when starting or recycling]]? ​
   * [[#​bandwidth|How many nodes/​clients/​users can I support with my Internet connection]]? ​   * [[#​bandwidth|How many nodes/​clients/​users can I support with my Internet connection]]? ​
Line 237: Line 238:
  
 If your firewall cannot dynamically open/​forward FTP PASV data ports for incoming passive FTP data connections,​ you can specify a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. You will of course need to configure your firewall device to open/​forward these ports to your FTP server. ​ If your firewall cannot dynamically open/​forward FTP PASV data ports for incoming passive FTP data connections,​ you can specify a limited range of TCP port numbers to use for passive transfers by modifying the PasvPortLow and PasvPortHigh values in the ''​[FTP]''​ section of your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file. You will of course need to configure your firewall device to open/​forward these ports to your FTP server. ​
 +
 +===== FTP HTML =====
 +:?: **Question:​**\\
 +Why will a web browser not (no longer) render the HTML content sent by the Synchronet FTP Server (i.e. ''​00index.html''​ generated by ''​ftp-html.js''​)? ​
 +
 +:!: **Answer:​**\\
 +For security reasons, modern web browsers (e.g. Google Chrome) have stopped rendering HTML content served by protocols other than HTTP or HTTPS.
 +  * [[https://​www.bleepingcomputer.com/​news/​google/​chrome-and-firefox-developers-aim-to-remove-support-for-ftp/​]]
 +
 +Some web browsers (e.g. Microsoft Edge) are removing FTP support altogether.
 +  * [[https://​www.ghacks.net/​2020/​03/​19/​mozilla-will-remove-ftp-support-in-the-firefox-web-browser/​]]
  
 ===== Bind ===== ===== Bind =====
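
Review bot: The two citations in the new FTP HTML answer do not match the sentences they sit under. The sentence about Microsoft Edge removing FTP support links to a ghacks.net article whose URL is about Mozilla removing FTP support in Firefox, and the sentence about Chrome no longer rendering HTML over protocols other than HTTP or HTTPS links to an article whose URL is about Chrome and Firefox developers removing FTP support altogether. Either name the browsers the linked articles cover or cite sources for the browsers named. The question wording "Why will a web browser not (no longer) render" would also read more cleanly if it matched the new table-of-contents entry ("Why won't a web browser render HTML content from my FTP Server"), and the answer stops at the cause without telling the sysop what to do about ''00index.html'' now.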
Line 250: Line 262:
  
 This usually means you have another TCP/IP server on your system that is already bound to (and is presumably already listening for incoming connections on) this port. This could be a pre-existing instance of Synchronet or any other Telnet/​Web/​Mail/​FTP servers that you may have installed on your system. You can use utilities such as ''​[[man>​netstat]]''​ (for Windows or Unix((e.g. '​netstat -naptu'​ as root user on Linux))) or [[http://​technet.microsoft.com/​en-us/​sysinternals/​bb897437.aspx|TCPView]] (for Windows) to verify what programs (if any) have the TCP or UDP port in question already bound. If these utilities do not report any program is bound to (and listening) on this port, you can try Telnetting to the port in question and see if anything answers. If you're unable to connect to the port with a Telnet client and Synchronet cannot bind the port, your TCP/IP stack probably needs to be reset, so a system reboot may be in order. ​ This usually means you have another TCP/IP server on your system that is already bound to (and is presumably already listening for incoming connections on) this port. This could be a pre-existing instance of Synchronet or any other Telnet/​Web/​Mail/​FTP servers that you may have installed on your system. You can use utilities such as ''​[[man>​netstat]]''​ (for Windows or Unix((e.g. '​netstat -naptu'​ as root user on Linux))) or [[http://​technet.microsoft.com/​en-us/​sysinternals/​bb897437.aspx|TCPView]] (for Windows) to verify what programs (if any) have the TCP or UDP port in question already bound. If these utilities do not report any program is bound to (and listening) on this port, you can try Telnetting to the port in question and see if anything answers. If you're unable to connect to the port with a Telnet client and Synchronet cannot bind the port, your TCP/IP stack probably needs to be reset, so a system reboot may be in order. ​
- 
-If you're running a Unix-like operating system (not Windows) and get bind errors only when recycling servers, this is most likely because a TCP session is stuck in a ''​TCP TIMEWAIT''​ state (you can use ''​[[man>​netstat]]''​ to verify this). The session will eventually time-out and close properly on its own, allowing the port to be re-bound at that time. To work-around this problem, you can either increase the ''​BindRetryCount''​ and/or ''​BindRetryDelay''​ values in your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file, or you can add the following line to your ''​[[dir:​ctrl]]/​[[config:​sockopts.ini]]''​ file:  
-  REUSEADDR=1 ​ 
  
 :!: **Answer:​**\\ :!: **Answer:​**\\
Line 259: Line 268:
  
 Error ''​13''​ means "​access denied"​. Error ''​13''​ means "​access denied"​.
-This error upon binding usually means that you're running Synchronet as non-privileged user account (e.g. not '​root'​) and the operating system you're running does not allow processes run under non-privileged user accounts to bind to low (TCP or UDP) port numbers (usually less than 1024). You can either use higher TCP port numbers in your configuration or have Synchronet switch to a non-privileged user *after* binding the TCP ports (see [[config:​nix]] for details).+This error upon binding usually means that you're running Synchronet as non-privileged user account (e.g. not '​root'​) and the operating system you're running does not allow processes run under non-privileged user accounts to bind to low (TCP or UDP) port numbers (usually less than 1024). You can either use higher TCP port numbers in your configuration or have Synchronet switch to a non-privileged user *after* binding the TCP ports (see [[config:​nix]] for details), see also: [[howto:​Linux non-root]]. 
 + 
 +==== Rebind ==== 
 +:!: **Answer:​**\\ 
 +If you're running a Unix-like operating system (not Windows) and get bind errors //only// when recycling servers: 
 +  sbbs: term 0001 !ERROR 98 binding Telnet Server socket to port 23 
 +  sbbs: term 0001 Will retry in 15 seconds (1 of 2) 
 + 
 +... this is most likely because a TCP session is stuck in a TCP "TIME WAIT" or "CLOSE WAIT" state (you can use ''​[[man>​netstat]]''​ to verify this). The session will eventually time-out and close properly on its own, allowing the port to be re-bound at that time. To work-around this problem, you can either increase the ''​BindRetryCount''​ and/or ''​BindRetryDelay''​ values in your ''​[[dir:​ctrl]]/​[[config:​sbbs.ini]]''​ file, or you can add the following line to the root section of your ''​[[dir:​ctrl]]/​[[config:​sockopts.ini]]''​ file:  
 +  REUSEADDR=1  
  
 ===== Bandwidth ===== ===== Bandwidth =====
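
Review bot: In the new Rebind answer, "TIME WAIT" and "CLOSE WAIT" are presented as interchangeable, but the sentence that follows ("The session will eventually time-out and close properly on its own") only holds for TIME WAIT. A socket in CLOSE WAIT has received the peer's FIN and stays in that state until the local process that owns it closes the socket, so it does not expire on a timer. Suggest splitting the two cases: keep the time-out wording for TIME WAIT, and for CLOSE WAIT tell the reader to use netstat to find which process still holds the socket. It would also help to state that error 98 is "address already in use" on Linux, the way the answer just above spells out error 13 as "access denied". Separately, in the changed error 13 line, "(see [[config:nix]] for details), see also: [[howto:Linux non-root]]." is a comma splice; make the "see also" its own sentence.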
Line 305: Line 324:
  
 ==== SSH Cipher Algo ==== ==== SSH Cipher Algo ====
 +
 +Should be fixed as of Fri Feb 14 07:37:04 2020 UTC. aes128-ctr and aes256-ctr support was added.
  
 Example: Example:
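
Review bot: The added line "Should be fixed as of Fri Feb 14 07:37:04 2020 UTC" gives a commit-style timestamp but no Synchronet version or build, so a sysop cannot tell from the FAQ whether the build they run already has aes128-ctr and aes256-ctr. Suggest naming the first release or revision that contains the change and saying whether the rest of this section still applies to older builds. "Should be" also leaves open whether the fix was confirmed; say so if it was. The same point applies to the timestamp lines added under SSH Kex Algo and SSH MAC Algo.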
Line 320: Line 341:
   ​   ​
 ==== SSH Kex Algo ==== ==== SSH Kex Algo ====
 +
 +Should be fixed as of Mon Jun 3 22:21:15 2019 UTC. diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256 support was added.
  
 Example: Example:
Line 352: Line 375:
  
 ==== SSH MAC Algo ==== ==== SSH MAC Algo ====
 +
 +Should be fixed as of Mon Jun 3 22:21:15 2019 UTC. hmac-sha2-256 support was added.
  
 Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm. Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm.
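
Review bot: The "Should be fixed as of Mon Jun 3 22:21:15 2019 UTC" line is inserted above "Another observed problem is with the negotiated Message Authentication Code (MAC) algorithm.", so the section announces a fix before it has said what the problem is, and "Another" no longer follows from the preceding text. Suggest moving the hmac-sha2-256 note below the problem description, or to the end of the section, so the order is problem first and fix status second.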
