On Thu, Dec 07, 2006 at 04:31:49PM +0300, Roman Gorohov. wrote: > Hello, all. > We got a heavy load server with pf mostly doing nat and redirection. > [EMAIL PROTECTED] -r > 6.1-RELEASE > [EMAIL PROTECTED] -sr | wc -l > 546 > [EMAIL PROTECTED] -ss | wc -l > 9452 > Traffic is about 8 Mb/s. > /etc/inetd.conf: ftp-proxy stream tcp nowait root > /usr/libexec/ftp-proxy ftp-proxy -u proxy -m 55000 -M 57000 -t 180 > /etc/pf.conf: rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 > port 8021 > Traffic is about 8 megabit/s. > All working ok until we turn on ftp-proxy. > After that(and some time) server suddenly hang. > Just hang, no kernel trap and clear console, didn't responding for any > key(I don't know how might that be, never expect it from BSD). > Meanwhile I can see one event relating to that - ftp-proxy. > And its not hardware issue, we got two identical server(hp dl 380, afair) > working in carp, and both hanging. > Last messages: > Dec 7 15:14:42 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/min > (limit 60/min) > Dec 7 15:14:44 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/min > (limit 60/min) > Dec 7 15:14:45 fw ftp-proxy[64195]: xfer_data (server to client): failed > (Connection reset by peer) with flags 00 > Dec 7 15:14:55 fw ftp-proxy[64196]: xfer_data (server to client): failed > (Connection reset by peer) with flags 00 > Dec 7 15:32:31 fw syslogd: kernel boot file is /boot/kernel/kernel > > Are there any known issue with ftp-proxy+pf? try to use pftpx instead of ftp-proxy, it's available from ports.
Bye, Gergely Czuczy mailto: [EMAIL PROTECTED] -- Weenies test. Geniuses solve problems that arise.
pgptAxtsOJV3a.pgp
Description: PGP signature