/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */


Jesper Jensen <[EMAIL PROTECTED]> wrote:
>
> Come on people, haven't anybody here got at least a little idea, to
> what can be wrong?

Sorry, I am a busy critter.  Please accept a refund with my compliments.

> The biggest problem is probably that when I download/upload files with
> FTP, and it's big files, the FTP-Client hangs, every time it has ended
> a file, like as if it doesn't close the file or something.

This happens because the FTP program opens two connections, a control
channel, and a data channel.  The control channel is used to begin the
transfer, and the data goes over the data channel, while the control
channel sits idle.

For a large download, this idle time on the control channel makes the
masq box think that the channel has been forgotten, and after the
configured timeout period, it silently drops the channel from the list
of masqueraded connections.  Your FTP program apparently doesn't
recognize that this could happen, and so it hangs.

I see that you are loading the ip_masq_ftp module.  This module is
supposed to mark the control channel as "active" when it recognizes an
FTP transfer in progress, to keep this situation from occurring. 
However, I have heard that there is a bug in this module that keeps this
from happening, when Passive connection methods are used.  Your FTP
program chooses the connect method, so I can't tell you that that's
what's happening.  But it really looks like it.

At any rate, the easy work-around is to increase the TCP-active idle
timeout value.  This is a good idea anyway, so that if you have, say, an
inactive telnet session, it won't simply be dropped because you're not
typing anything.  Set it to a few hours or so.

    # Set masquerade timeouts for idle connections (tcp, tcp-fin, udp)

    # Active TCP   = 4 hours (14400 sec)
    # Finished TCP = 30 sec
    # UDP (any)    = 5 min (300 sec)

    ipchains -M -S 14400 30 300

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Good judgment comes from experience.
sometimes known as David DeSimone  ||  Experience comes from bad judgment."
  http://www.dallas.net/~fox/      ||                 -- Life Lessons
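
The timeout behaviour described in the message above, as an added example that is not part of the original post and not kernel code: a toy model of a masquerade table whose three timeouts correspond to the arguments of `ipchains -M -S`. The class and function names, the 60-second step and the 900-second "before" timeout are constructed for illustration.

```python
class MasqTable:
    """Toy masquerade table; timeouts mirror `ipchains -M -S tcp tcpfin udp`."""

    def __init__(self, tcp, tcp_fin, udp, helper_marks_control=False):
        self.timeouts = {"tcp": tcp, "tcp-fin": tcp_fin, "udp": udp}
        # Models ip_masq_ftp keeping the control channel "active" during a transfer.
        self.helper_marks_control = helper_marks_control
        self.entries = {}  # name -> [state, last_seen_seconds]

    def open(self, name, state, now):
        self.entries[name] = [state, now]

    def expire(self, now):
        # Silently drop every entry that has been idle longer than its timeout.
        for name, (state, last_seen) in list(self.entries.items()):
            if now - last_seen > self.timeouts[state]:
                del self.entries[name]

    def packet(self, name, now):
        """Account a packet; False means the entry was already dropped."""
        self.expire(now)
        if name not in self.entries:
            return False
        self.entries[name][1] = now
        return True


def ftp_transfer(table, transfer_secs, step=60):
    """True if the control channel is still masqueraded when the transfer ends."""
    table.open("control", "tcp", 0)
    table.open("data", "tcp", 0)
    for now in range(step, transfer_secs + 1, step):
        table.packet("data", now)             # data keeps flowing
        if table.helper_marks_control:
            table.packet("control", now)      # helper refreshes the idle channel
    # The end-of-transfer reply arrives on the control channel.
    return table.packet("control", transfer_secs)


if __name__ == "__main__":
    hour = 3600
    print("short timeout, 1 h transfer:", ftp_transfer(MasqTable(900, 30, 300), hour))
    print("14400 s timeout, 1 h transfer:", ftp_transfer(MasqTable(14400, 30, 300), hour))
    print("short timeout + working helper:",
          ftp_transfer(MasqTable(900, 30, 300, helper_marks_control=True), hour))
    print("14400 s timeout, 5 h transfer:", ftp_transfer(MasqTable(14400, 30, 300), 5 * hour))
```

The last case shows that a longer timeout only moves the limit: a transfer that outlasts it still loses its control channel unless something refreshes the entry.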
