Hi,
Maybe it's not a netfilter problem, but I know that people on this list
is ftp/firewall/network aware.
Here is my pbm.
Active connections from workstation/FW to ftpserver2 hangs after some
files have been transfered.
------------------ ftpserver1
|
|
|
ftpserver2-------Internet
|
|
|
FW netfilter
|
|
-----------workstation
If somone know a similar problem or has any idea...
Some test:
In ftp passive mode: all is ok
In ftp active mode:
workstation->ftpserver2: Hang after some files are transfered
workstation->ftpserver1: OK
ftpserver1->ftpserver2: OK
FW->ftpserver2: Hang after some files are transfered
(iptables unloaded for this test)
Configs:
ftpserver2: debian potato with proftpd
ftpserver1: debian woody with proftpd (pre-nated with a
potato+netfilter+kernel-2.4.18 box)
FW: debian potato with netfilter (kernel 2.4.18)
Here is the end of tcpdump on FW external iface just before it hangs:
workstation.3006 > ftpserver2.ftp: P 790:811(21) ack 1522 win 16060 <nop,nop,timestamp
451190278 1158115672> (DF)
ftpserver2.ftp > workstation.3006: P 1522:1542(20) ack 811 win 16060
<nop,nop,timestamp 1158115673 451190278> (DF)
workstation.3006 > ftpserver2.ftp: P 811:837(26) ack 1542 win 16060 <nop,nop,timestamp
451190280 1158115673> (DF)
ftpserver2.ftp > workstation.3006: P 1542:1572(30) ack 837 win 16060
<nop,nop,timestamp 1158115675 451190280> (DF)
workstation.3006 > ftpserver2.ftp: P 837:858(21) ack 1572 win 16060 <nop,nop,timestamp
451190281 1158115675> (DF)
ftpserver2.ftp-data > workstation.3015: S 1214809980:1214809980(0) win 16060 <mss
1460,sackOK,timestamp 1158115676 0,nop,wscale 0> (DF)
workstation.3015 > ftpserver2.ftp-data: S 1558404700:1558404700(0) ack 1214809981 win
16060 <mss 1460,sackOK,timestamp 451190283 1158115676,nop,wscale 0> (DF)
ftpserver2.ftp > workstation.3006: . ack 858 win 16060 <nop,nop,timestamp 1158115678
451190281> (DF)
ftpserver2.ftp > workstation.3006: P 1572:1633(61) ack 858 win 16060
<nop,nop,timestamp 1158115678 451190281> (DF)
workstation.3006 > ftpserver2.ftp: . ack 1633 win 16060 <nop,nop,timestamp 451190286
1158115678> (DF)
ftpserver2.ftp-data > workstation.3009: F 1:1(0) ack 30805 win 15928
<nop,nop,timestamp 1158115758 451190061> (DF)
workstation.3009 > ftpserver2.ftp-data: . ack 2 win 16060 <nop,nop,timestamp 451190364
1158115758> (DF)
ftpserver2.ftp-data > workstation.3011: F 1:1(0) ack 24799 win 15928
<nop,nop,timestamp 1158115879 451190179> (DF)
workstation.3011 > ftpserver2.ftp-data: . ack 2 win 16060 <nop,nop,timestamp 451190485
1158115879> (DF)
ftpserver2.ftp-data > workstation.3012: F 1:1(0) ack 60672 win 15928
<nop,nop,timestamp 1158115922 451190220> (DF)
workstation.3012 > ftpserver2.ftp-data: . ack 2 win 16060 <nop,nop,timestamp 451190528
1158115922> (DF)
ftpserver2.ftp-data > workstation.3013: F 1:1(0) ack 17269 win 15928
<nop,nop,timestamp 1158115941 451190243> (DF)
workstation.3013 > ftpserver2.ftp-data: . ack 2 win 16060 <nop,nop,timestamp 451190547
1158115941> (DF)
ftpserver2.ftp-data > workstation.3014: F 1:1(0) ack 33877 win 15928
<nop,nop,timestamp 1158115969 451190269> (DF)
workstation.3014 > ftpserver2.ftp-data: . ack 2 win 16060 <nop,nop,timestamp 451190577
1158115969> (DF)
workstation.3015 > ftpserver2.ftp-data: S 1558404700:1558404700(0) ack 1214809981 win
16060 <mss 1460,sackOK,timestamp 451190611 1158115676,nop,wscale 0> (DF)
workstation.3015 > ftpserver2.ftp-data: S 1558404700:1558404700(0) ack 1214809981 win
16060 <mss 1460,sackOK,timestamp 451191261 1158115676,nop,wscale 0> (DF)
workstation.3015 > ftpserver2.ftp-data: S 1558404700:1558404700(0) ack 1214809981 win
16060 <mss 1460,sackOK,timestamp 451192511 1158115676,nop,wscale 0> (DF)
workstation.3006 > ftpserver2.ftp: P 858:879(21) ack 1633 win 16060 <nop,nop,timestamp
451193284 1158115678> (DF)
ftpserver2.ftp > workstation.3006: . ack 879 win 16060 <nop,nop,timestamp 1158118680
451193284> (DF)
--
Easter-eggs Sp�cialiste GNU/Linux
44-46 rue de l'Ouest - 75014 Paris - France - M�tro Gait�
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
msg03538/pgp00000.pgp
Description: PGP signature
