active ftp problem
Olivier Baudron
Olivier.Baudron@ens.fr
Sat, 22 Jul 2000 00:16:08 +0200
I use iptables-1.1.1 and linux-2.4.0-test5-pre3.
When transferring data to my PC via active ftp, what happens is that:
22:43:16.918740 server.ftp-data > client.1030: S # Ok.
22:43:16.918837 client.1030 > client.ftp-data: S ack # Ok.
22:43:16.953514 server.ftp-data > client.1030: 1:1(0) ack # Blocked (why?)
22:43:17.217270 server.ftp-data > client.1030: P 1:1461(1460) ack 1 #Blocked
22:43:20.034695 server.ftp-data > client.1030: . 1:1461(1460) ack 1 #Blocked
22:43:20.714988 client.1030 > server.ftp-data: S ack 3361762670 # Ok
22:43:20.753047 server.ftp-data > client.1030: . 1461:1461(0) ack # Ok
And then everything goes ok, even the first data segment which is retransmitted
and accepted.
But I don't understand why the third packet of the handshake and the first
data segment are blocked at the beginning. It introduces a 3 second delay
which is easily visible when typing 'ls' in the ftp session. In my
configuration I accept RELATED and ESTABLISHED packets.
The point is that this problem does not occur with the 2.4.0-test2 kernel.
Loaded modules are:
ipt_limit 1052 1 (autoclean)
ipt_LOG 3156 1 (autoclean)
ipt_state 808 1 (autoclean)
iptable_filter 1896 0 (autoclean) (unused)
ip_conntrack_ftp 2144 0 (unused)
ip_conntrack 18716 2 [ipt_state ip_conntrack_ftp]
ip_tables 12564 4 [ipt_limit ipt_LOG ipt_state iptable_filter]
Can someone reproduce this "bug" (if it is one)?
Olivier.
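
The trace in the message above can be checked mechanically for the stall it describes. The following Python sketch is an added example, not part of the original post: it lists every SYN, SYN-ACK or data segment that a sender emits a second time and the gap before the repeat. It assumes the trace holds a single connection and matches repeats by sender only; the function names are hypothetical.

```python
import re

# Trace lines copied from the message above, '#' annotations dropped.
TRACE = """\
22:43:16.918740 server.ftp-data > client.1030: S
22:43:16.918837 client.1030 > client.ftp-data: S ack
22:43:16.953514 server.ftp-data > client.1030: 1:1(0) ack
22:43:17.217270 server.ftp-data > client.1030: P 1:1461(1460) ack 1
22:43:20.034695 server.ftp-data > client.1030: . 1:1461(1460) ack 1
22:43:20.714988 client.1030 > server.ftp-data: S ack 3361762670
22:43:20.753047 server.ftp-data > client.1030: . 1461:1461(0) ack
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) (\S+) > (\S+): (.*)$")
SEQ = re.compile(r"(\d+):(\d+)\((\d+)\)")  # first:last(length)

def signature(body):
    """Label segments a sender would retransmit; None for bare ACKs."""
    tokens = body.split()
    seq = SEQ.search(body)
    if seq and int(seq.group(3)) > 0:
        return f"data {seq.group(1)}:{seq.group(2)}"
    if tokens and tokens[0].isalpha() and "S" in tokens[0]:
        return "syn-ack" if "ack" in tokens else "syn"
    return None

def find_retransmissions(trace):
    """Return (sender, segment, gap in microseconds) for each repeat."""
    first_seen, repeats = {}, []
    for raw in trace.splitlines():
        # Tolerate trailing '# ...' annotations like those in the post.
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        h, mi, s, us, src, _dst, body = m.groups()
        t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        sig = signature(body)
        if sig is None:
            continue
        key = (src, sig)  # assumption: one connection, so sender suffices
        if key in first_seen:
            repeats.append((src, sig, t - first_seen[key]))
        else:
            first_seen[key] = t
    return repeats

if __name__ == "__main__":
    for src, sig, gap in find_retransmissions(TRACE):
        print(f"{src} resent {sig} after {gap / 1e6:.3f} s")
```
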