Re: Problems with FreeBSD

YEEEEEEEEEEEESSSSSSSSSSSSSSS!!!

It's work! With the -C option work fine! :-)

Now, what I need to do to use it without -C? Do I need to change some
option?

The ssh was executed on Linux:

Linux (ssh -C host) -> ASA <- Internet -> FreeBSD
Thanks!

2008/11/4 Brian Whalen <brian@xxxxxxxxxxxxxxx>

Giorgos Keramidas wrote:

On Tue, 4 Nov 2008 11:10:25 -0200, "J MPZ" <joompz@xxxxxxxxx> wrote:


Hi Paul,

When my connections freeze, I open the tcpdump in other terminal. If I
type
something, type "Enter", on the terminal frozen, the tcpdump show
packets,
like that:

11:18:45.526256 IP (tos 0x0, ttl 51, id 651, offset 0, flags [DF],
proto:
TCP (6), length: 112) 189.21.230.195.20787 > 201.57.5.2.2264: P
193:241(48)
ack 0 win 15136 <nop,nop,timestamp 1556398494 745829191,nop,nop,sack 1
{1428:1664}>


[...]



I'm using: tcpdump -nvvv -i ste0 host REMOTE_IP



Can you try capturing the connection setup packets, so we can look at
the TCP MSS negotiation values? Starting TCPDUMP *before* one of the
connections that stall is made should capture that.

There may be an intermediate router or firewall that blocks ICMP and
ends up breaking path MTU discovery. I've seen TCP connections
'stall' when path-mtu was broken by a setup like this and one of the
intermediate routers started dropping TCP packets that were too large
for one of its interfaces.

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
freebsd-questions-unsubscribe@xxxxxxxxxxx"


Since the result set is so big, something else to try may be invoking the
ssh connection with compression on, -C is the flag. THis will allow us to
see if it really isnt working or is just slower than you'd like.

Brian

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "
freebsd-questions-unsubscribe@xxxxxxxxxxx"

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: DDOS attack
    ... Connections accepted by "NEW" rule (TCP SYN). ... Only if it triggered on SYN packets. ... You've already done that with ClientConn and ClientRate. ...
    (comp.mail.sendmail)
  • Re: ipfw question
    ... # Pass and log all incoming ftp-data connections. ... ipfw add allow log tcp from any 20 to any in setup keep-state ... This way only the packets related to one of the states will pass ...
    (freebsd-questions)
  • Re: DDOS attack
    ... I seem to confuse this setting with the clientrate setting. ... Connections accepted by "NEW" rule (TCP SYN). ... Seemed to work so far (not sure if it blocked legit packets, ...
    (comp.mail.sendmail)
  • Re: PF slowing down file copies
    ... > For keeping state on TCP connections you should only create state on ... This will prevent problems with TCP windows scaling.. ... pf does know about window scaling and supports it. ... associate the first two packets of the handshake with the state entry. ...
    (freebsd-questions)
  • Re: Panic @r207433: "System call fork returning with the following locks held"
    ... panic: sleeping thread ... data packets ... connections established ... hdac0: attempting to allocate 1 MSI vectors ...
    (freebsd-current)