Passive FTP problem, no nat
-
I'm finding an FTP problem, different to the other FTP problem threads, I have read them before posting.
I have two 2.0-RC2 (amd64) built on Mon May 30 01:15:07 EDT 2011 pfsense firewalls, they are running as filtering bridges (no nat) main & backup using CARP & RSTP. There are very few firewall rules, mostly this is used for limiting and shaping for a very small hosting facility with a few companies connected. Connectivity is Gbit fiber with 100Mb/s symmetrical service.
A customer has a Proftpd server on Linux and when he tries to upload with PASV his connection is very slow and stalling frequently, most of the time uploads don't complete. An active upload is fine, no stalls, full bandwidth is used, also if a PASV upload is done from a client behind the pfsense fw everything is fine so the Proftpd box seems ok, I have seen his proftpd config and it looks sane.
After some experimentation I have found that setting debug.pfftpproxy = 1 in the system tunables "Disable the pf ftp proxy handler" then PASV uploads work fine. I have some packet captures showing the problem but apart from seeing a great deal of tcp retries they don't shed any light on the problem to me.
I can run with debug.pfftpproxy = 1 for the forseeable future but I thought the problem should be reported, I am able to re-produce the problem on demand and have spare hardware available to debug this.
Andre
-
Can you send me the packet traces at ermal at pfsense.org?