Aborted/dead network connections and other oddities
mjessup_at_yahoo.com
Date: 12/30/04
Date: 30 Dec 2004 10:31:21 -0800
I have run into an odd network quirk. I am running a few Slackware 9
machines as web servers and recently they have been aborting
connections, and seemingly locking out machines.
The problems seem to begin when there is a mass file transfer. The
machines have the standard proftpd running that comes with the OS
distribution. It will transfer several files (usually on the order of 20
or 30) and then the connection will abort.
After the connection is aborted the connecting client machine seems to
be locked out of certain services. The first time the problem occurred
I was unable to make an ftp connection, an http connection (the
machines are running apache2), and when attempting to ping I would
receive "ping transmit failed, error code 1314". However there were no
problems from other machines, and mysteriously I was still able to ssh
into these boxes from the same machine which would not ping them. Then
after a while (an hour or two) all of the problems would "magically"
clear themselves up.
After the ftp began failing I opened up a samba share for transferring
the files. The same behavior occurred. After writing 20 or 30 files
(done through a SAS program to a mapped Windows network drive) the
connection would abort and the drive mounted to the samba share would
become disconnected. To make things even more interesting a mass file
copy (50+ files) from a local drive to the mapped drive would complete
successfully.
The boxes in question are part of a Novell network, but are not managed
by Novell. Also the same program from above will successfully write all
files to a shared drive managed by Novell without error.
Another noted difference is ftp connections seem to "hiccup" when first
connecting, i.e. the control connection is made quickly, but then the
user prompt from the server takes 5-10 seconds to be sent. Everything I
could find suggested disabling reverse DNS and ident lookups on
incoming connections, however doing this has had no effect. I also
tried adding the connecting client machine to the server's hosts file
but that also had no effect. However if an ftp connection is
established from one of the servers to the error this does not occur.
Two of the machines are on the same subnet and one is not but all 3
exhibit the same behavior.
Also I can not tell if the apparent locking of access is based on IP or
MAC or something completely different. I am at a loss as to the cause
of these problems. I am wondering if this may be some sort of a DoS
prevention built in to the kernel or OS. If it is something in the
client machines connecting, or something that the network is doing to
the packets. The machines making the connections are all wintel (except
for the testing I've done between the different Linux boxes).
My current impression is that it is something low level in the TCP/IP
but at this point that is merely a guess. Any ideas about where I might
look to diagnose this problem, log files, config files, etc. or any
utilities such as packet sniffers etc to try and diagnose where things
are going wrong or any ideas about what the actual cause of this is
would be greatly appreciated.