From owner-freebsd-pf@FreeBSD.ORG Wed Jan 6 20:40:25 2010
To: freebsd-pf@freebsd.org
From: Mark Atkinson
Date: Wed, 06 Jan 2010 11:24:02 -0800
References: <7731938b1001060923n5de4b511of07b8c63cff4e011@mail.gmail.com>
Subject: Re: ftp problem
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

On 01/06/10 09:57, M. Keith Thompson wrote:
> The states and tcpdump are with scrub turned off. I tried that and it
> did not change things.
>
> Unsuccessful:
>
> self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50187 TIME_WAIT:TIME_WAIT
> self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59433 FIN_WAIT_2:FIN_WAIT_2
> self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59434 FIN_WAIT_2:FIN_WAIT_2
>
> Successful:
> self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50188 FIN_WAIT_2:FIN_WAIT_2
> self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59435 FIN_WAIT_2:FIN_WAIT_2
>
> On Wed, Jan 6, 2010 at 11:23 AM, Peter Maxwell wrote:
>> 2010/1/6 M. Keith Thompson:
>>> I have a very screwy problem. I have a pure-ftp server running pf on
>>> FreeBSD 7.0. For the most part the server works fine; users upload
>>> and download multi-megabyte files daily. However, I have one client
>>> (HP-UX) that can not get files larger than 98K. If I turn off pf, it
>>> works fine. The pflog does not show any packets from the IP that does
>>> not work. I am totally lost; any ideas?
>>
>>
>> Off the top of my head: packet normalisation/scrub directives, the
>> other one would be to post your ruleset and a tcpdump of the session
>> so folk have something to work with.
>>
>> Also, what happens to the FTP data and control connections - do they
>> just stall or are there RSTs, etc.? What does your state table show?

The ftp server is sending FIN on the data connection after the first PSH
of data. It would be interesting to see the before and after contents of
the ftp command channel if you could repeat only the first failed
transfer with the dump using '-s 0 -X' tcpdump flags.

11:40:30.476375 IP (tos 0x8, ttl 64, id 13412, offset 0, flags [DF], proto: TCP (6), length: 757) xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: P 1:706(705) ack 1 win 33026
11:40:30.476386 IP (tos 0x8, ttl 64, id 13413, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: F, cksum 0x3a26 (correct), 706:706(0) ack 1 win 33026
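
Added example, not part of the original message or of any poster's tooling: a small parser that automates the check made above, counting how many payload bytes each direction of a connection sent before its FIN. The function names, the expected size of 2896 bytes and every sample line after the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# TCP summary in the older tcpdump format quoted in the message:
#   src > dst: FLAGS[, cksum ...,] first:last(len) ack ...
PKT = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRWE.]+),?"
    r"(?: cksum \S+ \([^)]*\),)? (?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\)"
)

# The first two lines are the packets from the message; the rest are constructed.
SAMPLE = [
    "11:40:30.476375 IP (tos 0x8, ttl 64, id 13412, offset 0, flags [DF], proto: TCP (6), length: 757) "
    "xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: P 1:706(705) ack 1 win 33026",
    "11:40:30.476386 IP (tos 0x8, ttl 64, id 13413, offset 0, flags [DF], proto: TCP (6), length: 52) "
    "xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59433: F, cksum 0x3a26 (correct), 706:706(0) ack 1 win 33026",
    "11:41:02.100000 IP xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59435: . 1:1449(1448) ack 1 win 33026",
    "11:41:02.300000 IP xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59435: . 1:1449(1448) ack 1 win 33026",
    "11:41:02.300100 IP xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59435: P 1449:2897(1448) ack 1 win 33026",
    "11:41:02.300500 IP vvv.zzz.226.92.59435 > xxx.yyy.15.125.ftp-data: . ack 2897 win 32768",
    "11:41:02.300900 IP xxx.yyy.15.125.ftp-data > vvv.zzz.226.92.59435: F 2897:2897(0) ack 1 win 33026",
]

def bytes_before_fin(lines):
    """Return {(src, dst): (payload_bytes, data_segments)} for each direction that sent a FIN."""
    segs = defaultdict(set)  # direction -> unique (first, last) ranges, so retransmits count once
    fin = set()
    for line in lines:
        m = PKT.search(line)
        if not m:            # pure ACKs and non-TCP lines carry no first:last(len) field
            continue
        flow = (m["src"], m["dst"])
        if int(m["len"]) > 0:
            segs[flow].add((int(m["first"]), int(m["last"])))
        if "F" in m["flags"]:
            fin.add(flow)
    return {f: (sum(b - a for a, b in segs[f]), len(segs[f])) for f in fin}

def short_transfers(lines, expected_bytes):
    """Directions that closed with FIN after sending fewer than expected_bytes."""
    return [f for f, (n, _) in bytes_before_fin(lines).items() if n < expected_bytes]

if __name__ == "__main__":
    for flow, (n, count) in sorted(bytes_before_fin(SAMPLE).items()):
        print(f"{flow[0]} > {flow[1]}: {n} bytes in {count} segment(s) before FIN")
    print("short:", short_transfers(SAMPLE, 2896))  # 2896 = constructed expected size
```

On real captures the expected size would come from the file size reported on the FTP control channel, which is why the full control-channel dump is requested above.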