Hi,

I have a rather strange network setup that has led to a strange problem. My network diagram can be found here:
http://uadmin.blogspot.com/2006/07/calling-all-ipf-wizards.html

I got the networking to work with a single NAT rule:

map bge0 from 192.168.2.0/24 ! to 192.168.1.0/24 -> 192.168.1.16/32

There are no other ipf.conf rules.

Okay, now to the problem. It works fine for the first few kilobytes, then it stalls when transferring files using scp. If I transfer a small file, less than 10k, scp completes the file and sits there waiting, and eventually times out. On a 1MB file it stopped at 49KB and eventually timed out. There is no problem with large amounts of traffic over ssh; only scp has this problem. The target machine in this case is a system running Solaris 9. If I don't go through the firewall, there is no problem transferring files. This target machine only has ssh on it.

The symptoms also happen on another remote box, running Debian, using scp. But there isn't a problem transferring a 1MB file over http to the Debian box.

The router is running on

SunOS frankenstein 5.11 snv_39 sun4u sparc SUNW,Sun-Blade-1500

snoop of the end of a scp transfer on the outbound interface:

84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347652 Seq=1086254467 Len=32 Win=49368
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254499 Seq=600347652 Len=64 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347716 Seq=1086254499 Len=48 Win=49304
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254547 Seq=600347716 Len=64 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347780 Seq=1086254547 Len=48 Win=49240
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254595 Seq=600347780 Len=0 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347780 Seq=1086254595 Len=48 Win=49240
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254643 Seq=600347780 Len=64 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347844 Seq=1086254643 Len=48 Win=49176
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600349280 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600350716 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600352152 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600353588 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600355024 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600356460 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254691 Seq=600357896 Len=236 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Ack=600347844 Seq=1086254691 Len=0 Win=49176 Options=<nop,nop,sack 600357896-600358132>
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
^Cfrankenstein:/#

end

snoop of the same device when transferring the larger file:

84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59146 S=22 Push Ack=645391901 Seq=1130776583 Len=48 Win=49240
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Push Ack=1130776631 Seq=645391901 Len=64 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59146 S=22 Push Ack=645391965 Seq=1130776631 Len=48 Win=49176
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645391965 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645393401 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645394837 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645396273 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645397709 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645399145 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645400581 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645402017 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645403453 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645404889 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645406325 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Push Ack=1130776679 Seq=645407761 Len=636 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645408397 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645409833 Len=1436 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59146 S=22 Ack=645391965 Seq=1130776679 Len=0 Win=49176 Options=<nop,nop,sack 645407761-645408397>
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645411269 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645391965 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59146 Ack=1130776679 Seq=645391965 Len=1436 Win=50260

I can get full snoop output or files if you like, just ask.

James Dickens
uadmin.blogspot.com

_______________________________________________
networking-discuss mailing list
[email protected]
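
An added example, not part of the original post: a small Python parser for the snoop lines above that reports which data segments sent by frankenstein were retransmitted and which the remote host acknowledged or SACKed. The input is copied from the first trace in the post; the function name `analyse` is hypothetical, and sequence-number wraparound is ignored.

```python
import re
from collections import Counter

# Copied verbatim from the end of the first snoop trace in the post.
TRACE = """\
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254643 Seq=600347780 Len=64 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Push Ack=600347844 Seq=1086254643 Len=48 Win=49176
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600349280 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600350716 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600352152 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600353588 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600355024 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600356460 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Push Ack=1086254691 Seq=600357896 Len=236 Win=50260
84-43-73-85.ppp.onetel.net.uk -> frankenstein TCP D=59154 S=22 Ack=600347844 Seq=1086254691 Len=0 Win=49176 Options=<nop,nop,sack 600357896-600358132>
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
frankenstein -> 84-43-73-85.ppp.onetel.net.uk TCP D=22 S=59154 Ack=1086254691 Seq=600347844 Len=1436 Win=50260
"""

PKT = re.compile(
    r"^(?P<src>\S+) -> \S+ TCP D=\d+ S=\d+ (?:Push )?Ack=(?P<ack>\d+) "
    r"Seq=(?P<seq>\d+) Len=(?P<len>\d+) Win=\d+(?: Options=<(?P<opts>[^>]*)>)?")
SACK = re.compile(r"sack (\d+)-(\d+)")

def analyse(trace, sender="frankenstein"):
    """Group the sender's data segments by whether the peer ACKed/SACKed them."""
    sent, acked, sacked = Counter(), 0, []
    for line in trace.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        seq, length, ack = int(m["seq"]), int(m["len"]), int(m["ack"])
        if m["src"] == sender:
            if length:                      # count data segments only, not bare ACKs
                sent[(seq, length)] += 1
        else:                               # peer: track cumulative ACK and SACK blocks
            acked = max(acked, ack)
            sacked += [(int(a), int(b)) for a, b in SACK.findall(m["opts"] or "")]
    def delivered(seg):
        s, n = seg
        return s + n <= acked or any(a <= s and s + n <= b for a, b in sacked)
    return {"retransmitted": {k: c for k, c in sent.items() if c > 1},
            "delivered": sorted(k for k in sent if delivered(k)),
            "undelivered": sorted(k for k in sent if not delivered(k))}
```

On this excerpt the only segments the remote host acknowledges are the 64-byte and 236-byte ones; all seven 1436-byte segments stay unacknowledged, and the first of them is sent five times.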
