Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Nov 2008 17:30:10 -0800
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        J MPZ <joompz@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Problems with FreeBSD
Message-ID:  <20081104013010.GA34643@icarus.home.lan>
In-Reply-To: <e56958de0811031643s473b499haa3243de1ed7c278@mail.gmail.com>
References:  <e56958de0811031643s473b499haa3243de1ed7c278@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Nov 03, 2008 at 10:43:52PM -0200, J MPZ wrote:
> Hi guys,
> 
> I have some problem with my FreeBSD server. I have this:
> 
> #########                                    ###########      #########
> # Linux1  #  -> ASA  -> Internet  -> # FreeBSD  #  -> # Linux2 #
> #########                                    ###########      #########
> 
> If I run a ssh for Linux1 to FreeBSD, my connection freeze when the return
> of some command is a big text. Example:
> 
> I make a ssh connection in the from the Linux1 to FreeBSD server, then, I
> execute some commands, like: 'pwd', 'whoami', 'ls /'... this work perfectly.
> But, if I run some command that return a big text, like as: 'ls /dev/', or
> top, my connection freeze.
> 
> In other terminal, the tcpdump continues showing packets in this connection
> that was freeze.

Does the FreeBSD machine run a firewall at all, e.g. pf(4)?

If so, you probably have some rules which are broken.  (I've seen this
problem on FreeBSD 6.x when using rules which are not correctly
configured to match initiate state).  Also, if a firewall is in use and
you're blocking all forms of ICMP, that would impact path MTU discovery.
Naughty.

You might also try disabling TCP extensions on the FreeBSD box to see if
it makes any difference.  Note that this can impact performance (large
TCP window sizes won't be negotiated), but it's worth disabling for a
test case.

sysctl net.inet.tcp.rfc1323=0

> If I try to access the Linux2, throught FreeBSD (redirect port on natd or
> redirect port with rinetd), the same thing happens.
> 
> Is this a problem with FreeBSD? Someone know how I can fix it? Some sysctl?

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081104013010.GA34643>