Re: [m0n0wall] FTP upload problem through monowall

From:	"Hans Mojave" <root1981 at gmail dot com>
To:	"krt" <kkrrtt at gmail dot com>, "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] FTP upload problem through monowall
Date:	Tue, 29 May 2007 08:46:24 +0200
Sorry, i meant TCP of course... Was very late ;)

> The proof of this would exist in the logs.  When the lockup occurs, do you 
> see multiple drops for TCP 21, or whatever port your FTP control session 
> is on?

I`ll check that. Default rule logging was disabled...

----- Original Message ----- 
From: "krt" <kkrrtt at gmail dot com>
To: "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc: "Hans Mojave" <root1981 at gmail dot com>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, May 27, 2007 7:03 AM
Subject: Re: [m0n0wall] FTP upload problem through monowall


> Sounds like the small state table problem, where a regular session is 
> being clobbered by the new sessions (each file is a new TCP session in FTP 
> land).  Since m0n0wall is stock tuned for tiny little "my lightbulb 
> consumes more power" routers, this is how it is.
>
> The proof of this would exist in the logs.  When the lockup occurs, do you 
> see multiple drops for TCP 21, or whatever port your FTP control session 
> is on?
>
> FTP itself doesn't use UDP, so there is no issue there (though there might 
> be a trickle of UDP data involved, like DNS queries and maybe backend 
> authentication traffic like RADIUS)
>
>
> Unfortunately, there aren't many ways of working around it at the time 
> being for 1.2 - state table size is supposedly a compile time variable. I 
> hope that we'll see some method of state table size entry method, and 
> perhaps a smarter overload algo in 1.3, where idle time is considered for 
> reaping before session age.
>
>
>
>
>
>
> Christopher M. Iarocci wrote:
>> No solution here, but thought I'd report the same exact problem with 2 
>> separate m0n0walls.  One running 1.23 and the other running 1.3b2.  One 
>> of mine is connected to a cable modem, the other is connected to a Cisco 
>> router that is connected to a 10MB fiber connection.
>>
>> Chris
>>
>>
>> Hans Mojave wrote:
>>> Hi there,
>>>
>>> I´m running monowall 1.3b2 on a Wrap2E, using it as dsl-router... 
>>> (internal 1gbit switched / adsl2+ 16m/1m)
>>>
>>> When i upload many small files to an external ftp server (e.g. typo3 
>>> installation and templates ~1800files) it happens that the ftp 
>>> connection is hanging. This happens round about every 200Files:
>>>
>>> -> File is uploading... Upload speed decreases to 0, ftp connection is 
>>> hanging.
>>>
>>> i have to hard-terminate the tcp session. Reconnect and resume uploading 
>>> the next ~200files with fullspeed .
>>>
>>>
>>> Its not a dsl-modem, ftp-server,dsl-connection or software problem. 
>>> Tested that with Dlink804hv routers, 3 Pcs running different ftp 
>>> software (windows tcp/syn connection limit was removed).
>>> Downloading of many small files is no problem. Also uploading through 
>>> ssl tunnels for example is stable. Uploading big files is no problem at 
>>> all.
>>>
>>> Is there an issue with the often changing data (udp) ports in monowall, 
>>> which is charateristc for ftp?
>>>
>>>
>>> Sorry for bad englisch and best regards
>>> Hans
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>