Date: Thu, 7 Dec 2006 14:35:35 +0100 From: Gergely CZUCZY <phoemix@harmless.hu> To: "Roman Gorohov. " <roma.a.g@gmail.com> Cc: freebsd-pf@FreeBSD.org Subject: Re: ftp-proxy problem Message-ID: <20061207133535.GA16219@harmless.hu> In-Reply-To: <546388630.20061207163149@gmail.com> References: <546388630.20061207163149@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Dec 07, 2006 at 04:31:49PM +0300, Roman Gorohov. wrot= e: > Hello, all. > We got a heavy load server with pf mostly doing nat and redirection. > [root@fw]#uname -r > 6.1-RELEASE > [root@fw]#pfctl -sr | wc -l > 546 > [root@fw]#pfctl -ss | wc -l > 9452 > Traffic is about 8 Mb/s. > /etc/inetd.conf: ftp-proxy stream tcp nowait root /usr/lib= exec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180 > /etc/pf.conf: rdr on $int_if proto tcp from any to any port 21 -> 127.0.0= =2E1 port 8021=20 > Traffic is about 8 megabit/s. > All working ok until we turn on ftp-proxy.=20 > After that(and some time) server suddenly hang.=20 > Just hang, no kernel trap and clear console, didn't responding for any > key(I don't know how might that be, never expect it from BSD). > Meanwhile I can see one event relating to that - ftp-proxy. > And its not hardware issue, we got two identical server(hp dl 380, afair)= working in carp, and both hanging.=20 > Last messages: > Dec 7 15:14:42 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/= min (limit 60/min) > Dec 7 15:14:44 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/= min (limit 60/min) > Dec 7 15:14:45 fw ftp-proxy[64195]: xfer_data (server to client): failed= (Connection reset by peer) with flags 00 > Dec 7 15:14:55 fw ftp-proxy[64196]: xfer_data (server to client): failed= (Connection reset by peer) with flags 00 > Dec 7 15:32:31 fw syslogd: kernel boot file is /boot/kernel/kernel >=20 > Are there any known issue with ftp-proxy+pf? try to use pftpx instead of ftp-proxy, it's available from ports. Bye, Gergely Czuczy mailto: gergely.czuczy@harmless.hu --=20 Weenies test. Geniuses solve problems that arise. --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) owG1Vc2LHEUUX7P4QYNCPIgo6AOF7LLTPd3ztTsjk+8liWRRkkAISwg13a+ni62u aqte78wE/wAPIuJRD/HmSfAgnoJ3xXjUP8CDNw+ec/BVz+zmw1zTzHTXq4/38Xu/ 9+rLV9fXTpz8/Ycf97c+/+qbF75/WU+2yppIT8NS2EOpwySOkzAZdJJh2Au3B0Mc 5jjsdLNu0h0MdudvfnfBaEJN4Y1FhSMgnFO7UkLqDyAthHVI45rycCc42ndRuso4 SdLoEUitpMbjtRtWaJejDXd1ajKppyP4pDaEWVhZqUlMFAbBRxpuFHULLmIK8XYL OnE8AEEQ90bdZNQbfrwHW3E3jltwzZRCwyVjTWEOI3jymVlD4wBHwWm4jEqZFgil IpZuIkwNgYACxeEClBEZOLSHaGEmqYAqh9I4UgvIDLsImm0LnYHFTFpMfWBezb41 hs7ms9vv1VqUCKHlyUGUhNd2r+6eu777xJYqT0lB6Cx8CrMUQsWrzdPvDZ650T21 cdjrd3jIAOa5TEE6EBNTE+zA3qTtvD9tpLTNYFMWpUbnI8ipYljNfLECxJFFUQJQ WjWyNjMhCcDb9nK7drat5IRBm2Pafuz4o2FYw2pQQr8fxzGEe9DfbgYEyU585EiV r7ywmQWj4X1O7x2Z+9NkGhdya0rGdQEs+09lLEEngfA0JJ3tKI7icTDu7CbLhZ24 k4w78bMhKHEqJpKWOJxTCmbGHvjUmQOoNUmeQKDaau/JcTDRUt+5nDjzVAja8Fl2 hnNJssTNI1K4OstQMx0KoaerQx/Wjhq5xTDCAVqNCsiKqmFKqlBY4PidUdiCTGb6 FDF/uDC0Zz3kxvqYWdEBLjauMNH8hgPOCBT8L+W0oMYlmPB5jd4NnFdMPuCMNcid v35x04e7h0LPCqkQrkDK1eAQOUoEPqO9TSXIW/Sge33hY/H74NlbSY6D8OHYbCYs MrKuZrOzZZ3QzIBkAEimQq0w2SgqyBR0d7gIRS6k3RwHx6BLzY7YqtVAMTFcUR4o eYzdVcHYleicmKLz5ekLHbYh6Y+S3qjXgXwGDY/3B7349uM8bgJP4sj/ou2YIUkR M2TADafZtcdBycY3lCwZpUHcZmnzf/p7z1l/3+s/1sk2kmGfrcy57d3JBAnYWPGK U5IqycBusg+CM5gxiBvcKvWyyXjCIDOASwPRbi6bU67E1EEcP222/wyzg+dsttvh huzNuoVTZpqNjgph4jtK7jnJRdr2Unu5svoEp1elx2SjAvntG4Cnv16Sb2X0KJqt Kj8TkG1aRe2QOzRVc86hI+TebfJHO1vM5lPcGA45MH+bLFPqOwj3hiA4v8BWEFxC O0Wu5wt36/TuIih5L5kRTJfTUdpMn+VyKBWzNCrqIAhD7/FNRC3R8SXoKIJLLLA3 jluGOkTf2dhg6ZZ1Jqx0GAWfnVl/cc3fokdX8MkT//TW7qV///nOH3fPvvT1L7fe +Pn+lQfFK6+rtXv799997e1vf33rt8tf/PVQrv/074PBw/8A =PJDe -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061207133535.GA16219>