ftp-proxy makes new connection for each file

Tue, 20 Sep 2005 08:55:30 -0700 

hello misc.
i am using openbsd 3.7-release with pf and ftp-proxy. ftp-proxy is working fine so far, but i recognised, that it establishes a new connection for each file it transfers. 

a little excerpt from netstat -an:

[snip]
tcp        0      0  192.168.83.1.53966     192.168.83.14.2503     TIME_WAIT
tcp        0      0  192.168.83.1.53311     192.168.83.14.2502     TIME_WAIT
tcp        0      0  192.168.83.1.58646     192.168.83.14.2501     TIME_WAIT
tcp        0      0  192.168.83.1.56139     192.168.83.14.2500     TIME_WAIT
tcp        0      0  192.168.83.1.56362     192.168.83.14.2499     TIME_WAIT
tcp        0      0  192.168.83.1.64507     192.168.83.14.2498     TIME_WAIT
tcp        0      0  192.168.83.1.60030     192.168.83.14.2497     TIME_WAIT
tcp        0      0  192.168.83.1.51063     192.168.83.14.2496     TIME_WAIT
tcp        0      0  192.168.83.1.54752     192.168.83.14.2495     TIME_WAIT
tcp        0      0  192.168.83.1.55199     192.168.83.14.2494     TIME_WAIT
tcp        0      0  192.168.83.1.61263     192.168.83.14.2493     TIME_WAIT
tcp        0      0  192.168.83.1.58911     192.168.83.14.2492     TIME_WAIT
[snip]


whereas the first adress is my firewall and the latter my client which 
is transferring a lot of small files from an ftp-server. pftop looks 
similiar. after a little while the server on the other gets a lot of 
connections from pftop too and doesn't accept any more and so the 
data-transfer stalls:


netstat -an:

[snip]


tcp        0      0 192.168.75.130:20       192.168.75.254:60017 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:57010 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:65138 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:53747 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:53363 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:59692 
TIME_WAIT
tcp        0      0 192.168.75.130:20       192.168.75.254:57964 
TIME_WAIT


[snip]


where the left one ist the ftp-server and the latter the interface of 
the obsd-box.


i am starting ftp-proxy out of inetd:


127.0.0.1:8021  stream  tcp     nowait  root    /usr/libexec/ftp-proxy 
ftp-proxy -t 90


the lines in pf.conf relating to ftp-proxy:

# alle FTP-anfragen auf ftp-proxy umleiten

rdr pass on { $dmz_if, $int_if, $vpn_if } proto tcp from any to any port 
21 -> 127.0.0.1 port 8021


# ftp-proxy regeln
pass in on $ext_if proto tcp from any to ($ext_if) user proxy keep state

pass out on {$dmz_if, $int_if, $vpn_if} proto tcp from any to ($ext_if) 
user proxy keep state

pass in on $dmz_if proto tcp from any to ($dmz_if) user proxy keep state

pass out on {$int_if, $vpn_if} proto tcp from port > 49151 user proxy 
keep state




can anybody point me in the correct direction to solve this, or is this 
the expected behaviour of ftp-proxy?


TIA,
marc

dmesg:
OpenBSD 3.7 (GENERIC) #0: Thu Jun 16 17:53:41 CEST 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 1.01 GHz

cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 535318528 (522772K)
avail mem = 481673216 (470384K)
using 4278 buffers containing 26869760 bytes (26240K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(64) BIOS, date 12/14/00, BIOS32 rev. 0 @ 0xf0b90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x13d2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1300/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xc000 0xcc000/0x5400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)

pchb0 at pci0 dev 0 function 0 "Intel 82815 Hub" rev 0x02: rng active, 
398Kb/sec
vga1 at pci0 dev 2 function 0 "Intel 82815 Graphics" rev 0x02: aperture 
at 0xf8000000, size 0x4000000

wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x02
pci1 at ppb0 bus 1

xl0 at pci1 dev 9 function 0 "3Com 3c905B 100Base-TX" rev 0x30: irq 11, 
address 00:04:76:9e:42:2a

exphy0 at xl0 phy 24: 3Com internal media interface

xl1 at pci1 dev 10 function 0 "3Com 3c905 100Base-TX" rev 0x00: irq 10, 
address 00:60:08:2d:35:8d

nsphy0 at xl1 phy 24: DP83840 10/100 PHY, rev. 1
ahc1 at pci1 dev 13 function 0 "Adaptec AIC-7899 U160" rev 0x01: irq 11
scsibus0 at ahc1: 16 targets

sd0 at scsibus0 targ 0 lun 0: <QUANTUM, ATLAS10K2-TY092L, DDD6> SCSI3 
0/direct fixed

sd0: 8759MB, 17338 cyl, 3 head, 344 sec, 512 bytes/sec, 17938985 sec total
ahc2 at pci1 dev 13 function 1 "Adaptec AIC-7899 U160" rev 0x01: irq 10
scsibus1 at ahc2: 16 targets

xl2 at pci1 dev 15 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 9, 
address 00:e0:18:05:10:1a

exphy1 at xl2 phy 24: 3Com internal media interface
ichpcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x02

pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x02: DMA, 
channel 0 wired to compatibility, cha

nnel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets

cd0 at scsibus2 targ 0 lun 0: <PIONEER, DVD-ROM DVD-115, 1.11> SCSI0 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x02: irq 7
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82801BA SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB" rev 0x02: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot

wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0

pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ffe5 netmask ffe5 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
uhub2 at uhub1 port 2
uhub2: ALCOR Generic USB Hub, class 9/0, rev 1.10/1.00, addr 2
uhub2: 4 ports with 4 removable, self powered
ahc1: target 0 using 16bit transfers
ahc1: target 0 synchronous at 80.0MHz DT, offset = 0x7f
dkcsum: sd0 matched BIOS disk 80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02























					Reply via email to