Date: Wed, 06 Jan 2010 11:24:02 -0800 From: Mark Atkinson <atkin901@gmail.com> To: freebsd-pf@freebsd.org Subject: Re: ftp problem Message-ID: <hi2o0i$dnp$1@ger.gmane.org> In-Reply-To: <fc2243911001060957n16f906f7m703c696b970e8c3c@mail.gmail.com> References: <fc2243911001060809m5417b810vf2ed40c8a969fb5f@mail.gmail.com> <7731938b1001060923n5de4b511of07b8c63cff4e011@mail.gmail.com> <fc2243911001060957n16f906f7m703c696b970e8c3c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/06/10 09:57, M. Keith Thompson wrote: > The states and tcpdump are with scrub turned off. I tried that and it > did not change things. > > Unsuccessful: > > self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50187 TIME_WAIT:TIME_WAIT > self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59433 FIN_WAIT_2:FIN_WAIT_2 > self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59434 FIN_WAIT_2:FIN_WAIT_2 > > Successful: > self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50188 FIN_WAIT_2:FIN_WAIT_2 > self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59435 FIN_WAIT_2:FIN_WAIT_2 > > On Wed, Jan 6, 2010 at 11:23 AM, Peter Maxwell<peter@allicient.co.uk> wrote: >> 2010/1/6 M. Keith Thompson<m.keith.thompson@gmail.com>: >>> I have a very screwy problem. I have a pure-ftp server running pf on >>> FreeBSD 7.0. For the most part the server works fine; users upload >>> and download multi-megabyte files daily. However, I have one client >>> (HP-UX) that can not get files larger that 98K. If I turn off pf, it >>> works fine. The pflog does not show any packets from the IP that does >>> not work. I am totally lost; any ideas? >> >> >> Off the top of my head: packet normalisation/scrub directives, the >> other one would be to post your ruleset and a tcpdump of the session >> so folk have something to work with. >> >> Also, what happens to the FTP data and control connections - do they >> just stall or are the RSTs, etc? What does your state table show? The ftp server is sending FIN on the data connection after the first PSH of data. It would be interesting to see the before and after contents of the ftp command channel if you could repeat only the first failed transfer with the dump using '-s 0 -X' tcpdump flags. 11:40:30.476375 IP (tos 0x8, ttl 64, id 13412, offset 0, flags [DF], proto: TCP (6), length: 757) xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: P 1:706(705) ack 1 win 33026 <nop,nop,timestamp 1091991329 31321002> 11:40:30.476386 IP (tos 0x8, ttl 64, id 13413, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: F, cksum 0x3a26 (correct), 706:706(0) ack 1 win 33026 <nop,nop,timestamp 1091991329 31321002>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?hi2o0i$dnp$1>