I'm posting here because maybe ip_conntrack_ftp might have a problem. Or it could be hardware... I have a scenario with 2 firewalls in an active/standby pair, creatively named fw1 and fw2. We recently failed over to fw1 and the problem started about that time. Failing back over to fw2, the problem went away. Sort of. Here's the problem - An AS/400 behind the firewall starts up a batch job running a script that does an ftp mget of several dozen or more files from an ftp site. The mget hangs at random times, sometimes almost immediately, other times after copying as many as a few hundred files. We could reproduce this problem at will when fw1 was the active firewall. Failing over to fw2, mgets on the AS/400 work as expected and have not generated any errors. The problem seems unique to this particular ftp site and fw1. When doing ftp mgets directly on fw1 or fw2, both hang, but only with mgets from the one remote site in question. I can do mgets from several other test sites without error, both with fw1 or fw2 as a destination and routing through fw1 and/or fw2. Both fw1 and fw2 are HP minitowers, about 4 years old by now. I forget the exact hardware models. Fw1 is running kernel 2.6.18 and fw2 uses kernel 2.6.25 or so. Both have identical copies of iptables rules and other config info. I found nothing interesting in /var/log/messages. How do I troubleshoot this? What causes an ftp mget to hang? Thanks - Greg Scott -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
