Dear all,
I got a funny "feature" on a Solaris 10 box. It is behaving exactly as
Thierry Bingen described in his mail to this list on 2008-10-21.
Unfortunately no one has ever replied to this call for help.
I will try to describe the same phenomenon a bit less verbosely:
- The box is a Solaris 10 running on a Sun-Fire-480R
- The rule is "rdr ce0 from any to XXX.XXX.XXX.XXX/32 port = ldap ->
XXX.XXX.XXX.XXX port 1389 tcp" (a redirect of port 389 to port 1389 on
the same box).
When doing a telnet to the port I get a hit to this rule and session
information:
RDR XXX.XXX.XXX.XXX 1389 <- -> XXX.XXX.XXX.XXX 389
[YYY.YYY.YYY.YYY 28228]
age 1266 use 0 sumd 0x3e8/0 pr 6 bkt 287/1334 flags 1
ifp @,@ bytes 48/0 pkts 1/0 ipsumd 0
So the reply (in the TCP handshake) seems to have been lost somewhere. The
funny part starts right now:
As soon as I start snoop (even something as stupid as "snoop -P -d ce0
port 389 and not port 389") everything starts to work as expected. As
soon as I stop snoop the "working as expected"-feature is gone.
A session dump does then typically look like this:
RDR XXX.XXX.XXX.XXX 1389 <- -> XXX.XXX.XXX.XXX 389
[YYY.YYY.YYY.YYY 25464]
age 1674 use 0 sumd 0x3e8/0 pr 6 bkt 1617/617 flags 1
ifp @,@ bytes 88/48 pkts 2/1 ipsumd 0
Does anyone know what feature snoop enables which causes the rule to work?
Any help would be greatly appreciated.
Martin
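
Added example, not part of the original message: a small parser for the NAT session dumps quoted above that flags redirected sessions with packets counted in one direction only, which is the symptom described. It assumes the `bytes a/b pkts a/b` pairs are inbound/outbound counters, as the post reads them; the function names are hypothetical and the sample text is constructed from the two dumps in the message.

```python
import re

# Constructed sample: the two session dumps from the post, addresses masked as posted.
SAMPLE = """\
RDR XXX.XXX.XXX.XXX 1389 <- -> XXX.XXX.XXX.XXX 389
[YYY.YYY.YYY.YYY 28228]
age 1266 use 0 sumd 0x3e8/0 pr 6 bkt 287/1334 flags 1
ifp @,@ bytes 48/0 pkts 1/0 ipsumd 0
RDR XXX.XXX.XXX.XXX 1389 <- -> XXX.XXX.XXX.XXX 389
[YYY.YYY.YYY.YYY 25464]
age 1674 use 0 sumd 0x3e8/0 pr 6 bkt 1617/617 flags 1
ifp @,@ bytes 88/48 pkts 2/1 ipsumd 0
"""

HEAD = re.compile(r"^(RDR|MAP)\s+(\S+)\s+(\d+)\s+<- ->\s+(\S+)\s+(\d+)")
PEER = re.compile(r"\[(\S+)\s+(\d+)\]")
PROTO = re.compile(r"\bpr\s+(\d+)")
COUNT = re.compile(r"bytes\s+(\d+)/(\d+)\s+pkts\s+(\d+)/(\d+)")

def parse_sessions(text):
    """Group dump lines into one dict per session, starting at each RDR/MAP line."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEAD.match(line)
        if m:
            cur = {"kind": m.group(1),
                   "to": (m.group(2), int(m.group(3))),
                   "orig": (m.group(4), int(m.group(5)))}
            sessions.append(cur)
        if cur is None:
            continue  # ignore anything before the first session header
        # The peer may sit on the header line or on a wrapped line of its own.
        if (m := PEER.search(line)):
            cur["peer"] = (m.group(1), int(m.group(2)))
        if (m := PROTO.search(line)):
            cur["proto"] = int(m.group(1))
        if (m := COUNT.search(line)):
            cur["bytes"] = (int(m.group(1)), int(m.group(2)))
            cur["pkts"] = (int(m.group(3)), int(m.group(4)))
    return sessions

def one_way(sessions):
    """Sessions with inbound packets counted but no outbound (reply) packets."""
    return [s for s in sessions
            if s.get("pkts", (0, 0))[0] > 0 and s["pkts"][1] == 0]

if __name__ == "__main__":
    for s in one_way(parse_sessions(SAMPLE)):
        print("no reply counted:", s["peer"], "->", s["orig"], "rdr to", s["to"])
```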