Connection reset

• Previous message: Ty Williams: "Re: SSH Breakage after Physical Server Move"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 17 Mar 2005 00:20:00 +0800

> Hi,
>
> I installed second FreeBSD (5.4 PR) gateway for the second subnet.
> If I login the first gateway (in front of the second gateway) and use
scp tranfer a iso file (180MB) into the internal LAN of the second
gateway, it is fine. But if the scp file transfer started from winscp of
the first gateway into the internal LAN of the second gateway, the
connection is reset. But I can login to the internal LAN of the second
gateway from this windows using winscp.
>
> The network topology is illustrated as follow:
>
> First Gateway <-> Second Gateway
> | |
> Winscp Internal LAN
>
> that is:
> 192.168.4.254 <-> 192.168.4.200
> | |
> 192.168.4.235 192.168.1.200
>
Sorry I forgot another piece of information.
If winscp connected to 192.168.4.200 (same subnet as winscp), the
transfer is not interrupted. I m wondering whether there is a
mis-configuration of the PF rules in the second gateway.

Sam.

> The PF rules in the second gateway is defined as:
> # pfctl -sn
> nat on fxp0 inet from 192.168.1.0/24 to any -> (fxp0) round-robin
> nat on em0 inet from 192.168.4.0/24 to any -> (em0) round-robin
> root@abc:/usr/local/etc# pfctl -sr
> block drop in log all
> pass in on lo0 all
> pass quick on xl0 proto pfsync all
> pass in on fxp0 inet proto carp from 192.168.4.201 to any keep state
> pass in on em0 inet proto carp from 192.168.1.201 to any keep state
> pass out all keep state
> pass in on em0 proto tcp from any to any port = bootps keep state
> pass in on em0 proto udp from any to any port = bootps keep state
> pass in on em0 proto tcp from any to any port = bootpc keep state
> pass in on em0 proto udp from any to any port = bootpc keep state
> pass in on em0 inet proto tcp from any to 255.255.255.255 keep state
> pass in on em0 inet proto udp from any to 255.255.255.255 keep state
> pass in on em0 inet proto tcp from any to 192.168.1.200 keep state
> pass in on em0 inet proto udp from any to 192.168.1.200 keep state
> pass in on fxp0 inet proto tcp from any to 192.168.4.200 keep state
> pass in on fxp0 inet proto tcp from any to 192.168.1.0/24 keep state
> pass in on fxp0 inet proto udp from any to 192.168.4.200 keep state
> pass in on fxp0 inet proto udp from any to 192.168.1.0/24 keep state
> pass in on fxp0 inet proto tcp from 192.168.4.201 to 192.168.4.200
port = ssh flags S/SA keep state
> pass in on em0 inet proto tcp from 192.168.1.201 to 192.168.1.200
port = ssh flags S/SA keep state
>
> netstat of the second gateway shown:
> # netstat -rn
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif
Expire
> default 192.168.4.254 UGS 0 4 fxp0
> 127.0.0.1 127.0.0.1 UH 0 0 lo0
> 192.168.1 link#2 UC 0 7 em0
> 192.168.1.1 192.168.1.1 UH 0 0 carp1
> 192.168.4 link#3 UC 0 0 fxp0
> 192.168.4.1 192.168.4.1 UH 0 0 carp0
> 192.168.4.235 00:09:6b:8d:b2:67 UHLW 0 125373 fxp0
  1145
>
> The netstat shown in the first gateway is:
> > netstat -rn
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif
Expire
> default 211.100.202.1 UGS 0 1052767 tun0
> 127.0.0.1 127.0.0.1 UH 0 12584 lo0
> 172.16/24 link#10 UC 0 0 tap0
> 172.16.0.255 ff:ff:ff:ff:ff:ff UHLWb 0 1019 tap0
> 192.168.1 192.168.4.1 UGS 0 335066 fxp1
> 192.168.4 link#2 UC 0 0 fxp1
> 192.168.4.1 00:00:5e:00:01:01 UHLW 1 0 fxp1
   413
> 192.168.4.200 00:11:11:0f:95:43 UHLW 0 615 fxp1
   366
> 192.168.4.235 00:09:6b:8d:b2:67 UHLW 0 3963 fxp1
  1195
> 192.168.4.254 00:02:b3:0b:3c:d1 UHLW 0 44738 lo0
> 192.168.4.255 ff:ff:ff:ff:ff:ff UHLWb 0 1019 fxp1
> 221.126.232.1 221.126.232.37 UH 1 0 tun0
>
> static route in the first gateway (defined in rc.conf):
> static_routes="internalnet1"
> route_internalnet1="-net 192.168.1.0/24 192.168.4.1"
>
> Any suggestion of how to alter the configuration?
> I may be need to use a unix version of scp instead of winscp to make
another attempt of file transfer from the same client IP, but lack of
machine to do so at the moment.
>
> Thanks
> Sam

• Previous message: Ty Williams: "Re: SSH Breakage after Physical Server Move"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: WAN LAN 2 Nics ... On the client machines set default gateway to ... the public gateway 68.153.xxx.xxx ... > internal lan can connect to server and internet. ... (microsoft.public.windows.server.networking) Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Ass ... Netmask: the usual ... The symantec gateway router's ip address is 192.168.100.1 = internal LAN. ... Troubleshooting Client Authentication on Access Rules in ISA Server 2004http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d- ... ... (microsoft.public.windows.server.networking) Re: How to enable communication between Two different lans (subnets)/ domains 2003 server based? Ass ... Netmask: the usual ... Interface: I chose internal lan, but there is also wan1, wan2 ... The symantec gateway router's ip address is 192.168.100.1 = internal LAN. ... (microsoft.public.windows.server.networking) Re: [SLE] 2 nics an gateway address ... you don't have more specific route for packet to be ... gateway pointing to say Internet (specific next hop IP ... I two nics in my linux ... > default gateway setup an there fore the internal lan ... (SuSE) Re: connection reset on winscp file transfer ... > I installed second FreeBSD gateway for the second subnet. ... > If I login the first gateway (in front of the second gateway) and use ... > gateway from this windows using winscp. ... (comp.unix.bsd.freebsd.misc)