--- Original message ---
From: "Julian Elischer" <jul...@freebsd.org>
Date: 15 February 2018, 07:51:34

> On 14/2/18 2:35 pm, wishmaster wrote:
> > Hi, colleagues.
> >
> > I have the main server/router and Samba server behind this one. This Samba
> > server at every night sends some data via FTP to another server on the
> > Internet.
> > The first remote server is under my power and uses about the same
> > configuration as main plus FTPD (port 2112) daemon.
> > The second remote server is not in my power and we use it as backup storage
> > and as I know OS is f...ing Linux.
> >
> > When I connect to the first server and transmit a very big file with
> > transmission duration > 300 sec, the control channel (port pair 36313 <-> 2112)
> > is always "recreated" when the expiration timer aims to zero.
> >
> > root@xxx: ipfw -d show|grep '111.222.230.62'
> > 15150 69 5255 (29s) STATE tcp 111.222.230.62 36313 <-> 111.222.13.195 2112 :nts
> > 15150 320423 321696704 (300s) STATE tcp 111.222.230.62 60759 <-> 111.222.13.195 49758 :nts
> >
> > The issue is with the second remote server. When I transmit a very big
> > file, the control channel is not "recreated" and transmitting this file
> > and all the next always fails.
> >
> > root@xxx: ipfw -d show|grep '111.222.0.7'
> > 03200 2985778 2299927348 (300s) STATE tcp 111.222.0.253 63307 <-> 111.222.0.7 44678 :nts
> > 03200 59 4622 (6s) STATE tcp 111.222.0.253 63623 <-> 111.222.0.7 21 :nts
> >
> > root@xxx: ipfw -d show|grep '111.222.0.7'
> > 03200 3137837 2414765852 (300s) STATE tcp 111.222.0.253 63307 <-> 111.222.0.7 44678 :nts
> >
> > The main server/router uses IPFW and in most places dynamic rules. As a
> > workaround I have added one rule on the external interface:
> >
> > $cmd 5153 allow log tcp from any 21 to any 1024-65535 # ipfw - ftp issue
> >
> > But I want to find the problem.
> >
> > Thanks,
> > Vitaly
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
> >
>
> can you check the values of the keep-alive timers on all 3 systems?
>
> And possibly the firewall on system3 may block keepalive packets..

I think as well. Unfortunately this host is not mine.

> [jelischer@bob ~/p4/private/inverness-integ1]$ sysctl net.inet.tcp.always_keepalive
> net.inet.tcp.always_keepalive: 1
>
> [jelischer@bob ~/p4/private/inverness-integ1]$ sysctl net.inet.tcp.keepidle
> net.inet.tcp.keepidle: 7200000
>
> that's 2 hours for example.
>
> setting it to less than 300000 should make your control session
> include keepalive packets

net.inet.tcp.keepidle=299999 doesn't help

In any case, thanks for your attention.

--
Vitaly
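Added example, not part of the original thread: a small Python check that compares two `ipfw -d show` snapshots and reports dynamic states that vanished while another state between the same two hosts is still alive, which is the FTP control/data symptom described above. The field layout is inferred from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Field layout inferred from the `ipfw -d show` lines quoted in the thread:
# rule, packets, bytes, (remaining lifetime), STATE, proto, src ip/port <-> dst ip/port
STATE_RE = re.compile(
    r"^\s*(?P<rule>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+\((?P<ttl>\d+)s\)\s+STATE\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>\S+)\s+(?P<dport>\d+)"
)

def parse_states(text):
    """Return {flow 5-tuple: remaining lifetime in seconds} for each dynamic state."""
    states = {}
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            key = (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            states[key] = int(m["ttl"])
    return states

def expired_while_peer_active(before, after):
    """Flows present in `before` but gone in `after`, although another state
    between the same two hosts is still alive (e.g. FTP control vs. data)."""
    old, new = parse_states(before), parse_states(after)
    live_pairs = {(k[1], k[3]) for k in new}
    return sorted(
        (k, ttl) for k, ttl in old.items()
        if k not in new and (k[1], k[3]) in live_pairs
    )

# The two snapshots for 111.222.0.7 as posted in the thread (wrapped lines rejoined).
SNAPSHOT_1 = """\
03200 2985778 2299927348 (300s) STATE tcp 111.222.0.253 63307 <-> 111.222.0.7 44678 :nts
03200 59 4622 (6s) STATE tcp 111.222.0.253 63623 <-> 111.222.0.7 21 :nts
"""
SNAPSHOT_2 = """\
03200 3137837 2414765852 (300s) STATE tcp 111.222.0.253 63307 <-> 111.222.0.7 44678 :nts
"""

if __name__ == "__main__":
    for (proto, src, sport, dst, dport), ttl in expired_while_peer_active(SNAPSHOT_1, SNAPSHOT_2):
        print(f"{proto} {src}:{sport} <-> {dst}:{dport} expired (last seen with {ttl}s left)")
```

Run against periodic captures taken during a long transfer, it shows which control-channel state timed out and how much lifetime it had left when last seen.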