Hey guys, I captured an http:// request to another apache server in the inside and this is what I got. Right away I noticed the 'www' next to serversname instead of the 'http' on the other-one.
20:03:08.871746 eth0 < 192.168.10.100.4888 > anotherapacheserver.domain.www: . 334:334(0) ack 198 win 20691 (DF) 20:03:08.872717 eth0 < 192.168.10.100.4889 > anotherapacheserver.domain.com.www: . 239:239(0) ack 528 win 20361 (DF) 20:03:08.872872 eth0 < 192.168.10.100.4887 > anotherapacheserver.domain.com.www: . 773:773(0) ack 391 win 20498 (DF) ... for comparison only. > 19:04:02.190346 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) Can you make anything out of this finding? Rafael. ----- Original Message ----- From: "J. Rafael S�nchez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 7:58 PM Subject: Re: (clug-talk )More info... Apache server [INTRANET] from outside firewall... > Here's some additional info based on feedback I've received from Michael and > Curtis... > > tcpdump capture from apache server while pinging from remote client while > also executing an http:// request. It looks like the apache server is > receiving the request but it's not acknowledging it ... /dev/null bucket? > > 19:03:29.856250 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:35.085713 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:40.096252 192.168.10.100 > apacheserver.domain.com: icmp: echo request > 19:03:45.097648 192.168.10.100 > apacheserver.domain.com: icmp: echo request > > Now, the http request entry here... I'm not sure what's going on! Do you > guys? As you can see it's receiving the packet from the correct box > 192.168.10.100 but I dunno what's doing with it. Nor the icmp request for > that matter. > > 19:04:02.190346 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > 19:04:05.132444 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > 19:04:11.142748 192.168.10.100.4829 > apacheserver.domain.com.http: S > 703528395:703528395(0) win 20888 <mss 1372,nop,nop,sackOK> (DF) > > You tell me what you make out of this one here. It does not appear to be > running Iptables, does it? > ========================================================== > [EMAIL PROTECTED] root]# iptables --list -t nat -v > > Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) > ======================================================= > REMOTELY FROM VPN CLIENT - winxp home. > C:\ route print > =========================================================================== > Interface List > 0x1 ........................... MS TCP Loopback interface > 0x2 ...00 c0 f0 40 7e e0 ...... VENDOR PCI Fast Ethernet Adapter (Generic) - > Packet Scheduler Miniport > 0x3 ...00 60 73 eb 6f 49 ...... FIREWALLVENDOR VPN Adapter - Packet > Scheduler Miniport > =========================================================================== > =========================================================================== > Active Routes: > Network Destination Netmask Gateway Interface Metric > 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.100 20 > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 > 192.168.10.0 255.255.255.0 192.168.10.100 192.168.10.100 20 > 192.168.10.100 255.255.255.255 127.0.0.1 127.0.0.1 20 > 192.168.10.255 255.255.255.255 192.168.10.100 192.168.10.100 20 > 192.168.173.0 255.255.255.0 192.168.10.1 192.168.10.100 1 > xxx.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.100 1 > 224.0.0.0 240.0.0.0 192.168.10.100 192.168.10.100 20 > 255.255.255.255 255.255.255.255 192.168.10.100 192.168.10.100 1 > 255.255.255.255 255.255.255.255 192.168.10.100 3 1 > Default Gateway: 192.168.10.1 > =========================================================================== > Persistent Routes: None > > SOME NOTES: > VENDOR PCI = substituted for real ethernet adaptor. > FIREWALLVENDOR = substituted for real firewall vendor name > xxx.xxx.xxx.xxx = substituted for real fully routeable ip address [firewall > ip address] > 192.168.10.x = my client subnet > Default Gateway = dsl/router of the shelf box. > Version of Apache running: apache-1.3.23-11 on Red Hat 7.3 > > > Thanks again guys... > Rafael. > > > ----- Original Message ----- > From: "Michael Petch" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, September 16, 2003 6:30 PM > Subject: Re: (clug-talk) Not able to see apache server [INTRANET] > fromoutside firewall... >
