FTP passive problems connecting to an outside server
-
We have a simple setup, with a couple of servers.
We are having sporadic problems connecting to external ftp servers while using passive ftp.
It works most of the time but we get random disconnections and when it starts to break I notice the filter.log starts to log these lines:
Sep 5 11:26:50 firewall02 pf: 10.0.99.100.52833 > 213.37.140.XXX.1112: Flags [s], cksum 0x9295 (correct), seq 3033110053, win 5840, options [mss 1460,sackOK,TS val 1946081 ecr 0,nop,wscale 6], length 0 Sep 5 11:26:53 firewall02 pf: 10.0.99.100.52833 > 213.37.140.XXX.1112: Flags [s], cksum 0x8fa7 (correct), seq 3033110053, win 5840, options [mss 1460,sackOK,TS val 1946831 ecr 0,nop,wscale 6], length 0 Sep 5 11:26:59 firewall02 pf: 10.0.99.100.52833 > 213.37.140.XXX.1112: Flags [s], cksum 0x89cb (correct), seq 3033110053, win 5840, options [mss 1460,sackOK,TS val 1948331 ecr 0,nop,wscale 6], length 0 (I changed the XXX on the target IP) We are using the latest snapshot on i386 architecture and we have 3 interfaces, WAN, LAN and OPT1 for CARP... we are not using vlan or multiwan so the setup is faily straight forward... I've seen a bunch of post more or less related to these issues, but none that I could find are conclusive... Any ideas? How can I start troubleshooting this? The target ftp server is out of bounds, as far as debugging goes, and trying from home the connections works perfectly.[/s][/s][/s]
-
Policy routing breaks this at times.
Though it depends even on what snap you ar eon.