ftp-proxy problem

[Gergely CZUCZY]

On Thu, Dec 07, 2006 at 04:31:49PM +0300, Roman Gorohov.               wrote:
> Hello, all.
> We got a heavy load server with pf mostly doing nat and redirection.
> [root at fw]#uname -r
> 6.1-RELEASE
> [root at fw]#pfctl -sr | wc -l
>      546
> [root at fw]#pfctl -ss | wc -l
>     9452
> Traffic is about 8 Mb/s.
> /etc/inetd.conf: ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy  ftp-proxy -u proxy -m 55000 -M 57000 -t 180
> /etc/pf.conf: rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021 
> Traffic is about 8 megabit/s.
> All working ok until we turn on ftp-proxy. 
> After that(and some time) server suddenly hang. 
> Just hang, no kernel trap and clear console, didn't responding for any
> key(I don't know how might that be, never expect it from BSD).
> Meanwhile I can see one event relating to that - ftp-proxy.
> And its not hardware issue, we got two identical server(hp dl 380, afair) working in carp, and both hanging. 
> Last messages:
> Dec  7 15:14:42 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/min (limit 60/min)
> Dec  7 15:14:44 fw inetd[640]: ftp-proxy from 10.10.1.70 exceeded counts/min (limit 60/min)
> Dec  7 15:14:45 fw ftp-proxy[64195]: xfer_data (server to client): failed (Connection reset by peer) with flags 00
> Dec  7 15:14:55 fw ftp-proxy[64196]: xfer_data (server to client): failed (Connection reset by peer) with flags 00
> Dec  7 15:32:31 fw syslogd: kernel boot file is /boot/kernel/kernel
> 
> Are there any known issue with ftp-proxy+pf?
try to use pftpx instead of ftp-proxy, it's available from ports.


Bye,

Gergely Czuczy
mailto: gergely.czuczy at harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 1641 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20061207/6d7d22fd/attachment.pgp