Remember the problem is only with one client and files over 98K.
Hundreds of other clients transfer multi-megabyte files no problem.
On Jan 8, 2010, at 4:50 PM, J65nko wrote:
On Fri, Jan 8, 2010 at 9:50 PM, M. Keith Thompson
wrote:
It looks like it was a tcp windowing problem. The command:
On Fri, Jan 8, 2010 at 9:50 PM, M. Keith Thompson
wrote:
> It looks like it was a tcp windowing problem. The command: "sysctl -w
> sysctl net.inet.tcp.rfc1323=0"
> fixed the problem.
This only fixes a symptom. :) There is something wrong with your ruleset.
>>> # Allow ftp
>>> pass in quick on $
Yes, that is what he meant and I fixed it.
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
It looks like it was a tcp windowing problem. The command: "sysctl -w
sysctl net.inet.tcp.rfc1323=0"
fixed the problem.
Thanks for all of the suggestions and help.
On Fri, Jan 8, 2010 at 7:51 AM, M. Keith Thompson
wrote:
> On Thu, Jan 7, 2010 at 10:18 PM, J65nko wrote:
>> On Thu, Jan 7, 2010
J65nko wrote:
>
> You meant to pass active ftp with this rule:
>
> >>> pass in quick on $ext_if proto tcp from any port > 1 to $ext_IP
> >>> port 20 keep state
>
> But it should be:
> pass out quick on $ext_if inet proto tcp from any port ftp-data
> to $ext_IP port > 1 keep state
On Thu, Jan 7, 2010 at 10:18 PM, J65nko wrote:
> On Thu, Jan 7, 2010 at 10:19 PM, M. Keith Thompson
> wrote:
>> On Thu, Jan 7, 2010 at 2:37 PM, J65nko wrote:
# SSH from NetEng subnet
pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port
22 keep state
# All
On Thu, Jan 7, 2010 at 10:19 PM, M. Keith Thompson
wrote:
> On Thu, Jan 7, 2010 at 2:37 PM, J65nko wrote:
>>> # SSH from NetEng subnet
>>> pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port
>>> 22 keep state
>>>
>>> # Allow inside network to ping the server
>>> pass in quick on
On 01/07/10 10:26, M. Keith Thompson wrote:
It does a list first to see which file to get. Then it tries to
download the 1st file.
It starts downloading the file around:
14:40:49.668739
Yep, I see that, the only anomaly is no '226 transfer complete' on the
command channel after the Fin + P
On Thu, Jan 7, 2010 at 2:37 PM, J65nko wrote:
>> # SSH from NetEng subnet
>> pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port
>> 22 keep state
>>
>> # Allow inside network to ping the server
>> pass in quick on $ext_if proto icmp from $pingers to $ext_IP keep state
>>
>> # Allo
> # SSH from NetEng subnet
> pass in quick log on $ext_if proto tcp from $net_eng to $ext_if port
> 22 keep state
>
> # Allow inside network to ping the server
> pass in quick on $ext_if proto icmp from $pingers to $ext_IP keep state
>
> # Allow DNS lookups
> pass out quick on $ext_if proto udp to
It does a list first to see which file to get. Then it tries to
download the 1st file.
It starts downloading the file around:
14:40:49.668739
On 01/06/10 13:40, M. Keith Thompson wrote:
14:40:49.329499 IP vvv.zzz.226.92.50201> xxx.yyy.15.125.ftp: P
80:105(25) ack 755 win 17680
0x: 4500 004d 3160 3406 26e0 a4eb e25c E..M1`..4.&\
0x0010: 97a6 0f7d c419 0015 1590 303f bf82 ad2d ...}..0?...-
On 01/06/10 09:57, M. Keith Thompson wrote:
> The states and tcpdump are with scrub turned off. I tried that and it
> did not change things.
>
> Unsuccessful:
>
> self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50187 TIME_WAIT:TIME_WAIT
> self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59433 F
On 01/06/10 09:57, M. Keith Thompson wrote:
The states and tcpdump are with scrub turned off. I tried that and it
did not change things.
Unsuccessful:
self tcp xxx.yyy.15.125:21<- vvv.zzz.226.92:50187 TIME_WAIT:TIME_WAIT
self tcp xxx.yyy.15.125:20<- vvv.zzz.226.92:59433 FIN_WAIT_2:
The states and tcpdump are with scrub turned off. I tried that and it
did not change things.
Begin of pf.conf ---
ext_if="em0"
ext_IP="xxx.yyy.15.125"
local_if="lo0"
net_eng="{xxx.yyy.103.224/27 xxx.yyy.203.248/29 aaa.bbb.44.62/32}"
pingers="{xxx.yyy.24.13/32 xxx.yyy.24.119/32}"
# Nor
2010/1/6 M. Keith Thompson :
> I have a very screwy problem. I have a pure-ftp server running pf on
> FreeBSD 7.0. For the most part the server works fine; users upload
> and download multi-megabyte files daily. However, I have one client
> (HP-UX) that can not get files larger than 98K. If I t
I have a very screwy problem. I have a pure-ftp server running pf on
FreeBSD 7.0. For the most part the server works fine; users upload
and download multi-megabyte files daily. However, I have one client
(HP-UX) that can not get files larger than 98K. If I turn off pf, it
works fine. The pflog
On Fri, Dec 08, 2006 at 04:53:02PM +0300, Roman Gorohov. wrote:
> Hello, Gergely.
>
> > try to use pftpx instead of ftp-proxy, it's available from ports.
>
>
> > Bye,
>
> > Gergely Czuczy
>
> I tried switching to pftpx and got the same result.
> Last messages:
> Dec 7 17:02:05 fw-spb p
Hello, Gergely.
> try to use pftpx instead of ftp-proxy, it's available from ports.
> Bye,
> Gergely Czuczy
I tried switching to pftpx and got the same result.
Last messages:
Dec 7 17:02:05 fw-spb pftpx[7306]: client limit (100) reached, refusing
connection from 10.10.1.70
Dec 7 17:02:47 fw-spb pf
19 matches