On Wednesday 2011-04-13 14:06, Greg Scott wrote: >I'm posting here because maybe ip_conntrack_ftp might have a problem. Or it >could be hardware... > >An AS/400 behind the firewall starts up a batch job running a script that does >an ftp mget of several dozen or more files from an ftp site. The mget hangs >at random times, sometimes almost immediately, other times after copying Âas >many as a few hundred files. >[...] >Both fw1 and fw2 are HP minitowers, about 4 years old by now. I forget the >exact hardware models. Fw1 is running kernel 2.6.18 and fw2 uses kernel 2.6.25 >or so. Your posting of "2.6.18" and "2.6.25" and "random times" and "almost immediately" (but not _totally immediately_ which is important) hints towards this being old kernels having a problem with all the *ACK features of TCP. Been there, seen it, and it was resolved by 2.6.25's timeframe even here. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
