From: "Daniel Wittenberg" <daniel-wittenberg@starken.com>
To: netfilter@lists.netfilter.org
Subject: state table not working
Date: Fri, 18 Jun 2004 14:48:18 -0500
Message-ID: <1087588098.40d3470246775@securemail.starken.com>

I've got a firewall I've been supporting for a while, and for the last few
months things have been screwy, and I think I've narrowed it down. Originally
it looked like a bug in proftpd, but now it looks like connections that are
stateful stop working. What seems to happen is that after a period of time
(almost 2 weeks now), passive mode FTP stops working, but active mode still
works. Is there anything that can be checked/traced to check what the
connection table is like? I have watched for errors in dmesg and
/var/log/message (Fedora Core 1 box) about connection table full, but nothing
there. Here's part of the trace when things broke:

1.2.3.4 is outside host

0.181007 192.168.254.7 -> 1.2.3.4 FTP Response: 230 User <user> logged in.
0.214498 1.2.3.4 -> 192.168.254.7 FTP Request: TYPE I
0.215631 192.168.254.7 -> 1.2.3.4 FTP Response: 200 Type set to I
0.260922 1.2.3.4 -> 192.168.254.7 FTP Request: PWD
0.262036 192.168.254.7 -> 1.2.3.4 FTP Response: 257 "/" is current directory.
0.344486 1.2.3.4 -> 192.168.254.7 TCP 56178 > ftp [ACK] Seq=39 Ack=147 Win=5840 Len=0 TSV=250989004 TSER=112409764
0.362754 1.2.3.4 -> 192.168.254.7 FTP Request: PASV
0.363917 192.168.254.7 -> 1.2.3.4 FTP Response: 227 Entering Passive Mode (192,168,254,7,8,202).
0.407829 1.2.3.4 -> 192.168.254.7 TCP 56178 > ftp [ACK] Seq=45 Ack=197 Win=5840 Len=0 TSV=250989010 TSER=112409774
0.407907 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989010 TSER=0 WS=0
3.400629 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989310 TSER=0 WS=0
9.400613 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989910 TSER=0 WS=0
11.114693 1.2.3.4 -> 192.168.254.7 TCP 56178 > ftp [FIN, ACK] Seq=45 Ack=197 Win=5840 Len=0 TSV=250990074 TSER=112409774

Any other ideas?
Dan
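
Added example, not part of the original post: a Python script that decodes the data port from the 227 reply in the trace above and reports SYNs sent to that port that never receive a SYN-ACK. It assumes the one-line capture summary format shown in the post (wrapped lines rejoined); `analyze`, `PASV_RE` and `TCP_RE` are names made up for this example.

```python
import re

# Trace lines copied from the post above, with wrapped lines rejoined.
TRACE = """\
0.362754 1.2.3.4 -> 192.168.254.7 FTP Request: PASV
0.363917 192.168.254.7 -> 1.2.3.4 FTP Response: 227 Entering Passive Mode (192,168,254,7,8,202).
0.407907 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989010 TSER=0 WS=0
3.400629 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989310 TSER=0 WS=0
9.400613 1.2.3.4 -> 192.168.254.7 TCP 56179 > 2250 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=250989910 TSER=0 WS=0
11.114693 1.2.3.4 -> 192.168.254.7 TCP 56178 > ftp [FIN, ACK] Seq=45 Ack=197 Win=5840 Len=0 TSV=250990074 TSER=112409774
"""

PASV_RE = re.compile(r"FTP Response: 227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
TCP_RE = re.compile(r"^(\S+) (\S+) -> (\S+) TCP (\S+) > (\S+) \[([^\]]+)\]")


def analyze(trace):
    """Map each advertised (host, port) to the SYNs sent to it and whether one was answered."""
    expected = {}
    for line in trace.splitlines():
        m = PASV_RE.search(line)
        if m:
            # RFC 959: (h1,h2,h3,h4,p1,p2) means host h1.h2.h3.h4, port p1*256 + p2.
            host = ".".join(m.group(1, 2, 3, 4))
            port = int(m.group(5)) * 256 + int(m.group(6))
            expected[(host, port)] = {"syns": [], "answered": False}
            continue
        m = TCP_RE.match(line)
        if not m:
            continue
        ts, src, dst, sport, dport, flags = m.groups()
        flags = {f.strip() for f in flags.split(",")}
        # Named ports such as "ftp" are the control channel and are skipped.
        if flags == {"SYN"} and dport.isdigit() and (dst, int(dport)) in expected:
            expected[(dst, int(dport))]["syns"].append(float(ts))
        elif flags == {"SYN", "ACK"} and sport.isdigit() and (src, int(sport)) in expected:
            expected[(src, int(sport))]["answered"] = True
    return expected


if __name__ == "__main__":
    for (host, port), info in analyze(TRACE).items():
        state = "answered" if info["answered"] else "NO SYN-ACK seen"
        print(f"PASV data port {host}:{port}: {len(info['syns'])} SYN(s) at {info['syns']}, {state}")
```

For this trace the advertised port is 8*256+202 = 2250, the port the client's retransmitted SYNs target, and no SYN-ACK appears before the control connection closes.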