Problems with FreeBSD

2008-11-03 Thread J MPZ
Hi guys,

I have a problem with my FreeBSD server. I have this:

Linux1 -> ASA -> Internet -> FreeBSD -> Linux2

If I run ssh from Linux1 to FreeBSD, my connection freezes when the output
of some command is a big text. Example:

I make an ssh connection from Linux1 to the FreeBSD server, then I
execute some commands, like 'pwd', 'whoami', 'ls /'... these work perfectly.
But if I run a command that returns a big text, such as 'ls /dev/' or
top, my connection freezes.

In another terminal, tcpdump continues showing packets on the connection
that froze.

If I try to access Linux2 through FreeBSD (redirect port on natd or
redirect port with rinetd), the same thing happens.

Is this a problem with FreeBSD? Does anyone know how I can fix it? Some sysctl?

Regards,
J.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Problems with FreeBSD

2008-11-04 Thread J MPZ
Jeremy,

2008/11/4, Jeremy Chadwick <[EMAIL PROTECTED]>:
>
> On Tue, Nov 04, 2008 at 11:11:15AM -0200, J MPZ wrote:
> > Hi Jeremy,
> >
> > I tried without any rules in ipfw on FreeBSD (just "allow ip from any to
> > any") and the error continues occurring.
>
> Then I have no idea.
>
> > How can I disable the TCP extensions?
> >
> > I tried to set this value on this sysctl (sysctl net.inet.tcp.rfc1323=0)
> > but it did not work.
>
> Setting the sysctl to 0 disables TCP extensions.
>
> But by "not work" do you mean "it didn't solve the problem", or "setting
> the sysctl failed"?  I think you mean "it didn't solve the problem", in
> which case, it's not the source of the problem.


It didn't solve the problem. :-/

> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>


Re: Problems with FreeBSD

2008-11-04 Thread J MPZ
Hi Paul,

When my connection freezes, I run tcpdump in another terminal. If I type
something and press "Enter" on the frozen terminal, tcpdump shows packets
like this:

11:18:45.526256 IP (tos 0x0, ttl  51, id 651, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 193:241(48) ack 0 win 15136
11:18:45.625839 IP (tos 0x10, ttl  64, id 23438, offset 0, flags [DF], proto: TCP (6), length: 52) 201.57.5.2.2264 > 189.21.230.195.20787: ., cksum 0x4d03 (correct), 1664:1664(0) ack 241 win 65535
11:18:45.707825 IP (tos 0x0, ttl  51, id 652, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 241:289(48) ack 0 win 15136
11:18:45.807839 IP (tos 0x10, ttl  64, id 23493, offset 0, flags [DF], proto: TCP (6), length: 52) 201.57.5.2.2264 > 189.21.230.195.20787: ., cksum 0x4b4b (correct), 1664:1664(0) ack 289 win 65535
11:18:45.867181 IP (tos 0x0, ttl  51, id 653, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 289:337(48) ack 0 win 15136
11:18:45.966840 IP (tos 0x10, ttl  64, id 23529, offset 0, flags [DF], proto: TCP (6), length: 52) 201.57.5.2.2264 > 189.21.230.195.20787: ., cksum 0x49b5 (correct), 1664:1664(0) ack 337 win 65535

When I executed 'ls' on the frozen terminal, tcpdump showed this:

11:19:35.738788 IP (tos 0x0, ttl  51, id 654, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 337:385(48) ack 0 win 15136
11:19:35.788428 IP (tos 0x0, ttl  51, id 655, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 385:433(48) ack 0 win 15136
11:19:35.788483 IP (tos 0x10, ttl  64, id 34519, offset 0, flags [DF], proto: TCP (6), length: 52) 201.57.5.2.2264 > 189.21.230.195.20787: ., cksum 0xc3d4 (correct), 1664:1664(0) ack 433 win 65535
11:19:36.229773 IP (tos 0x0, ttl  51, id 656, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 433:481(48) ack 0 win 15136
11:19:36.328854 IP (tos 0x10, ttl  64, id 34621, offset 0, flags [DF], proto: TCP (6), length: 52) 201.57.5.2.2264 > 189.21.230.195.20787: ., cksum 0xbf5c (correct), 1664:1664(0) ack 481 win 65535

I'm using: tcpdump -nvvv -i ste0 host REMOTE_IP


2008/11/3, Paul A. Procacci <[EMAIL PROTECTED]>:
>
> J MPZ wrote:
>
>> Hi guys,
>>
>> I have a problem with my FreeBSD server. I have this:
>>
>> Linux1 -> ASA -> Internet -> FreeBSD -> Linux2
>>
>> If I run ssh from Linux1 to FreeBSD, my connection freezes when the output
>> of some command is a big text. Example:
>>
>> I make an ssh connection from Linux1 to the FreeBSD server, then I
>> execute some commands, like 'pwd', 'whoami', 'ls /'... these work
>> perfectly.
>> But if I run a command that returns a big text, such as 'ls /dev/' or
>> top, my connection freezes.
>>
>> In another terminal, tcpdump continues showing packets on the
>> connection that froze.
>>
>> If I try to access Linux2 through FreeBSD (redirect port on natd or
>> redirect port with rinetd), the same thing happens.
>>
>> Is this a problem with FreeBSD? Does anyone know how I can fix it? Some
>> sysctl?
>>
>> Regards,
>> J.
>>
>>
> The tcpdump that you say continues showing packets... are the packets
> leaving the FreeBSD machine or arriving at the FreeBSD machine?
> My guess is you meant leaving the FreeBSD destined for your Linux machine.
> If this is the case, then the problem most likely lies with the ASA.
> If you monitor the ASA's external interface during your testing, do you see
> packets arriving?  If so, do you see packets leaving the internal interface
> going back to your Linux1 machine?
>


Re: Problems with FreeBSD

2008-11-04 Thread J MPZ
Hi Jeremy,

I tried without any rules in ipfw on FreeBSD (just "allow ip from any to any")
and the error continues occurring.

How can I disable the TCP extensions?

I tried to set this value on this sysctl (sysctl net.inet.tcp.rfc1323=0) but
it did not work.



2008/11/3, Jeremy Chadwick <[EMAIL PROTECTED]>:
>
> On Mon, Nov 03, 2008 at 10:43:52PM -0200, J MPZ wrote:
> > Hi guys,
> >
> > I have a problem with my FreeBSD server. I have this:
> >
> > Linux1 -> ASA -> Internet -> FreeBSD -> Linux2
> >
> > If I run ssh from Linux1 to FreeBSD, my connection freezes when the
> > output of some command is a big text. Example:
> >
> > I make an ssh connection from Linux1 to the FreeBSD server, then I
> > execute some commands, like 'pwd', 'whoami', 'ls /'... these work
> > perfectly.
> > But if I run a command that returns a big text, such as 'ls /dev/' or
> > top, my connection freezes.
> >
> > In another terminal, tcpdump continues showing packets on the
> > connection that froze.
>
> Does the FreeBSD machine run a firewall at all, e.g. pf(4)?
>
> If so, you probably have some rules which are broken.  (I've seen this
> problem on FreeBSD 6.x when using rules which are not correctly
> configured to match initiate state).  Also, if a firewall is in use and
> you're blocking all forms of ICMP, that would impact path MTU discovery.
> Naughty.
>
> You might also try disabling TCP extensions on the FreeBSD box to see if
> it makes any difference.  Note that this can impact performance (large
> TCP window sizes won't be negotiated), but it's worth disabling for a
> test case.
>
> sysctl net.inet.tcp.rfc1323=0
>
> > If I try to access Linux2 through FreeBSD (redirect port on natd or
> > redirect port with rinetd), the same thing happens.
> >
> > Is this a problem with FreeBSD? Does anyone know how I can fix it? Some
> > sysctl?
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>


Re: Problems with FreeBSD

2008-11-04 Thread J MPZ
YSSS!!!

It works! With the -C option it works fine! :-)

Now, what do I need to do to use it without -C? Do I need to change some
option?

The ssh was executed on Linux:

Linux (ssh -C host) -> ASA <- Internet -> FreeBSD

Thanks!

2008/11/4 Brian Whalen <[EMAIL PROTECTED]>

> Giorgos Keramidas wrote:
>
>>  On Tue, 4 Nov 2008 11:10:25 -0200, "J MPZ" <[EMAIL PROTECTED]> wrote:
>>
>>
>>> Hi Paul,
>>>
>>> When my connection freezes, I run tcpdump in another terminal. If I
>>> type something and press "Enter" on the frozen terminal, tcpdump shows
>>> packets like this:
>>>
>>> 11:18:45.526256 IP (tos 0x0, ttl  51, id 651, offset 0, flags [DF], proto: TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P 193:241(48) ack 0 win 15136 >> {1428:1664}>
>>>
>>>
>> [...]
>>
>>
>>
>>> I'm using: tcpdump -nvvv -i ste0 host REMOTE_IP
>>>
>>>
>>
>> Can you try capturing the connection setup packets, so we can look at
>> the TCP MSS negotiation values?  Starting TCPDUMP *before* one of the
>> connections that stall is made should capture that.
>>
>> There may be an intermediate router or firewall that blocks ICMP and
>> ends up breaking path MTU discovery.  I've seen TCP connections
>> 'stall' when path-mtu was broken by a setup like this and one of the
>> intermediate routers started dropping TCP packets that were too large
>> for one of its interfaces.
>>
>>
>>
> Since the result set is so big, something else to try may be invoking the
> ssh connection with compression on, -C is the flag.  This will allow us to
> see if it really isn't working or is just slower than you'd like.
>
> Brian
>
>
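
The stall pattern Giorgos Keramidas describes above (small segments arrive, full-size ones vanish when path MTU discovery is broken) can be read off a capture taken on the sending host by comparing the handshake MSS, the segments sent, and the peer's SACK blocks. This is an added example, not code from the thread: the capture text is constructed (documentation addresses, invented ports and sequence numbers) in non-verbose `tcpdump -n` format, and `analyse` is a hypothetical helper name.

```python
import re

# Constructed capture, taken on the sending side (198.51.100.20 plays the
# server). Addresses, ports and sequence numbers are invented.
SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.40000 > 198.51.100.20.22: S 0:0(0) win 5840 <mss 1460,sackOK,nop,wscale 7>
10:00:00.100001 IP 198.51.100.20.22 > 192.0.2.10.40000: S 0:0(0) ack 1 win 65535 <mss 1460,sackOK,nop,wscale 3>
10:00:05.000001 IP 198.51.100.20.22 > 192.0.2.10.40000: P 1:237(236) ack 193 win 65535
10:00:05.100001 IP 192.0.2.10.40000 > 198.51.100.20.22: . ack 237 win 15136
10:00:09.000001 IP 198.51.100.20.22 > 192.0.2.10.40000: . 237:1697(1460) ack 241 win 65535
10:00:09.000002 IP 198.51.100.20.22 > 192.0.2.10.40000: P 1697:1933(236) ack 241 win 65535
10:00:09.100001 IP 192.0.2.10.40000 > 198.51.100.20.22: . ack 237 win 15136 <nop,nop,sack 1 {1697:1933}>
"""

LINE = re.compile(
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<flags>\S+)"
    r"(?: (?P<start>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?.*?(?:<(?P<opts>.*)>)?$")

def analyse(capture):
    """Report MSS per host and which sent segments the peer's SACKs show missing."""
    mss, sent, lost, delivered = {}, {}, [], []
    for raw in capture.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        src, dst, opts = m["src"], m["dst"], m["opts"] or ""
        if "S" in m["flags"] and (v := re.search(r"mss (\d+)", opts)):
            mss[src] = int(v[1])                      # MSS offered in the handshake
        if m["len"] and int(m["len"]) > 0:
            sent.setdefault(src, []).append((int(m["start"]), int(m["end"])))
        blocks = [(int(a), int(b)) for a, b in re.findall(r"\{(\d+):(\d+)\}", opts)]
        if not (m["ack"] and blocks):
            continue
        # The receiver ACKs up to `ack` but holds later data: everything the
        # peer sent between `ack` and the first SACK block never arrived.
        ack, first = int(m["ack"]), min(a for a, _ in blocks)
        lost, delivered = [], []
        for start, end in sent.get(dst, []):
            if ack <= start and end <= first:
                lost.append(end - start)
            elif end <= ack or any(a <= start and end <= b for a, b in blocks):
                delivered.append(end - start)
    # Black-hole signature: every lost segment is larger than any delivered one.
    suspect = bool(lost) and min(lost) > max(delivered, default=0)
    return {"mss": mss, "lost": lost, "delivered": delivered, "suspect": suspect}
```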