Community discussions

MikroTik App
 
majorlogic
just joined
Topic Author
Posts: 16
Joined: Sun Jul 24, 2022 6:22 am

Unable to read the indexed puredb file

Tue Oct 04, 2022 1:26 pm

Hello, I've recently encountered these in my logs after enabling my web proxy.
Unrecognized FTP server response: 421 Unable to read the indexed puredb file (or old format detected) - Try pure-pw mkdb
in IP services, only the winbox is enabled the rest is disabled.

In my Web Proxy, only one entry is allowed access which is 192.168.99.0/24 source address which has 8080 port.

In the meantime, I've disabled my web proxy since I'm not sure what error is that. Can anyone explain to me?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11485
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unable to read the indexed puredb file

Tue Oct 04, 2022 3:32 pm

Where does the error message appear? Some FTP client running in LAN? Can you determine what triggers the message, connecting to some certain FTP server? The error message seems to originate from pure-ftp service and AFAIK ROS doesn't run one.
 
majorlogic
just joined
Topic Author
Posts: 16
Joined: Sun Jul 24, 2022 6:22 am

Re: Unable to read the indexed puredb file

Tue Oct 04, 2022 3:35 pm

moderator note: do not quote preceding post, use "Post Reply"
That's the problem, I can't determine where it's coming from. It started show up when I configured my web proxy. I was using web proxy to block some PPP clients when their due is up.

UPDATE: The messages seemed to stop when I disabled my web proxy.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11485
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unable to read the indexed puredb file

Tue Oct 04, 2022 3:40 pm

As I wrote, the log seems to indicate problem on pure-ftpd server and isn't something that you as proxy server admin can fix.

OK, so the log is on the ROS device itself. Yes, if client uses ROS as proxy server and the resource requested is over FTP protocol, then logs will be in the proxy's log. With some diligent work you might be able to correlate the error message with a particular proxy client. However, if you don't know a good reason to run the proxy (i.e. you have some known LAN clients that absolutely need to use proxy for some good reason), then it's safest to disable it. Proxy service, if not properly protected, is a very good way for hackers to hide their real location... and a good way for your public IP address to get blocked by some mainstream service providers.

If you decide that you absolutely need to run web proxy service on ROS, do revise proxy settings. proxy manual should help you. In particular: /ip proxy src-address doesn't limit clients to set IP address (with subnet), it rather configures IP address to be used when/if proxy connects to upstream proxy server. To configure allowed connections, one should configure rules in /ip proxy access, but keep in mind that logic follows logic of firewall, which has implicit allow rule if none of explicit rules match. Basic access control is probably easier to configure using firewall filter rules for input chain and dst-port=8080 (or whichever you use for proxy service).
 
majorlogic
just joined
Topic Author
Posts: 16
Joined: Sun Jul 24, 2022 6:22 am

Re: Unable to read the indexed puredb file

Tue Oct 04, 2022 3:51 pm

moderator note: do not quote preceding post, use "Post Reply"
Hello, Thank you for your input. As you said, I need the proxy to run on ROS so I've followed your advised and added access rules for src address not equal to those IP I've allowed. Thanks!

Who is online

Users browsing this forum: Amazon [Bot], mozerd, Vuokko and 65 guests