Hi list!

(Bering 1.1, problem also verified with Bering-uClibc
2.2.3)

I've been buying electronic components for years from
my supplier's webshop. Suddenly, starting last week, I
cannot connect from any local computer to their secure
area (https). My internet bank still works perfectly,
other suppliers' webshops also work, and general
web surfing also works as usual with Bering. I
contacted the supplier and they claim that they have
made no change to their webshop system.

There seems to be no data at all being NAT:ed from
their secure area to my local computers. I made some
tests with tcpdump when I press the connect button in
my web browser.

Connection does not work:
# tcpdump host elfa.se
tcpdump: listening on eth0
09:39:30.587001 xxx.yyy.84.147.1194 > elfa.se.https: S
1118119148:1118119148(0) win 65535 <mss
1460,nop,nop,sackOK> (DF)
09:39:30.604900 elfa.se.https > xxx.yyy.84.147.1194: S
2629104900:2629104900(0) ack 1118119149 win 32768 <mss
1380,nop,nop,sackOK> (DF)
09:39:30.606431 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 1 win 65535 (DF)
09:39:30.606843 xxx.yyy.84.147.1194 > elfa.se.https: P
1:121(120) ack 1 win 65535 (DF)
09:39:30.629747 elfa.se.https > xxx.yyy.84.147.1194: P
1:80(79) ack 121 win 32768 (DF)
09:39:30.630973 elfa.se.https > xxx.yyy.84.147.1194: P
80:86(6) ack 121 win 32768 (DF)
09:39:30.631847 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 86 win 65450 (DF)
09:39:30.633499 elfa.se.https > xxx.yyy.84.147.1194: P
86:147(61) ack 121 win 32768 (DF)
09:39:30.635528 xxx.yyy.84.147.1194 > elfa.se.https: P
121:1106(985) ack 147 win 65389 (DF)
09:39:30.713990 elfa.se.https > xxx.yyy.84.147.1194: .
ack 1106 win 32768 (DF)
09:39:32.187718 elfa.se.https > xxx.yyy.84.147.1194: P
147:654(507) ack 1106 win 32768 (DF)
09:39:32.195145 elfa.se.https > xxx.yyy.84.147.1194: P
654:2034(1380) ack 1106 win 32768 (DF)
09:39:32.198187 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 2034 win 65535 (DF)
09:39:32.197898 elfa.se.https > xxx.yyy.84.147.1194: P
2034:3414(1380) ack 1106 win 32768 (DF)
09:39:32.225221 elfa.se.https > xxx.yyy.84.147.1194: .
3414:4794(1380) ack 1106 win 32768 (DF)
09:39:32.227529 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 4794 win 65535 (DF)
09:39:32.229098 elfa.se.https > xxx.yyy.84.147.1194: .
4794:6174(1380) ack 1106 win 32768 (DF)
09:39:32.253142 elfa.se.https > xxx.yyy.84.147.1194: .
6174:7554(1380) ack 1106 win 32768 (DF)
09:39:32.255430 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 7554 win 65535 (DF)
09:39:32.265453 elfa.se.https > xxx.yyy.84.147.1194: .
8503:9883(1380) ack 1106 win 32768 (DF)
09:39:32.267712 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 7554 win 65535 <nop,nop,sack sack 1 {8503:9883} >
(DF)
09:39:32.268511 elfa.se.https > xxx.yyy.84.147.1194: .
9883:11263(1380) ack 1106 win 32768 (DF)
09:39:32.270768 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 7554 win 65535 <nop,nop,sack sack 1 {8503:11263} >
(DF)
09:39:32.290157 elfa.se.https > xxx.yyy.84.147.1194: .
11263:12643(1380) ack 1106 win 32768 (DF)
09:39:32.292997 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 7554 win 65535 <nop,nop,sack sack 1 {8503:12643} >
(DF)
09:39:32.292746 elfa.se.https > xxx.yyy.84.147.1194: .
12643:14023(1380) ack 1106 win 32768 (DF)
09:39:32.295213 xxx.yyy.84.147.1194 > elfa.se.https: .
ack 7554 win 65535 <nop,nop,sack sack 1 {8503:14023} >
(DF)
Connection works:
# tcpdump host www.skandiabanken.se
tcpdump: listening on eth0
09:43:42.193333 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: S 1181752056:1181752056(0)
win 65535 <mss 1460,nop,nop,sackOK> (DF)
09:43:42.209103 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: S 2946904773:2946904773(0) ack
1181752057 win 17520 <mss 1460,nop,nop,sackOK> (DF)
09:43:42.211559 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: . ack 1 win 65535 (DF)
09:43:42.211841 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: P 1:106(105) ack 1 win
65535 (DF)
09:43:42.236244 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: . 1:1461(1460) ack 106 win 17415
(DF)
09:43:42.236641 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: P 1461:2178(717) ack 106 win
17415 (DF)
09:43:42.239854 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: . ack 2178 win 65535 (DF)
09:43:42.255086 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: P 106:288(182) ack 2178
win 65535 (DF)
09:43:42.279716 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: P 2178:2221(43) ack 288 win 17233
(DF)
09:43:42.283726 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: P 288:943(655) ack 2221
win 65492 (DF)
09:43:42.302365 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: P 2221:2246(25) ack 943 win 16578
(DF)
09:43:42.323868 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: P 943:1047(104) ack 2246
win 65467 (DF)
09:43:42.347936 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: . 2246:3706(1460) ack 1047 win
16474 (DF)
09:43:42.350027 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: . 3706:5166(1460) ack 1047 win
16474 (DF)
09:43:42.352874 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: . ack 5166 win 65535 (DF)
09:43:42.354149 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: . 5166:6626(1460) ack 1047 win
16474 (DF)
09:43:42.356141 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: P 6626:8069(1443) ack 1047 win
16474 (DF)
09:43:42.358896 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: . ack 8069 win 65535 (DF)
09:43:42.433559 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: . 1047:2507(1460) ack 8069
win 65535 (DF)
09:43:42.435578 xxx.yyy.84.147.1212 >
www.skandiabanken.se.https: P 2507:3817(1310) ack 8069
win 65535 (DF)
09:43:42.465404 www.skandiabanken.se.https >
xxx.yyy.84.147.1212: . ack 3817 win 17520 (DF)
I notice a difference after the first three lines.
Maybe this is not significant?

Shorewall does not log anything so it seems that the
packages are not stopped there.

To verify that there is nothing wrong with my browser
I connected to the Internet through my backup connection
with a very simple ISDN router. Everything worked
perfectly.

As I understand it, every connection that is initiated
from the local zone should flow through the firewall
without problem.

I searched the leaf and shorewall mail archives
without luck.

/Lars Peterson
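
Added example, not part of the original post: a small Python parser for the old-style tcpdump lines shown above that reports which byte range from the server never appears in the capture and where the client's cumulative ACK stops advancing. The sample lines are the tail of the failing trace rejoined onto one line per packet; the function name `analyse` and its result keys are made up for this example.

```python
import re

# Constructed sample: tail of the failing capture from the post, one packet
# per line (the e-mail had wrapped each packet across two or three lines).
CAPTURE = """\
09:39:32.253142 elfa.se.https > xxx.yyy.84.147.1194: . 6174:7554(1380) ack 1106 win 32768 (DF)
09:39:32.255430 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 (DF)
09:39:32.265453 elfa.se.https > xxx.yyy.84.147.1194: . 8503:9883(1380) ack 1106 win 32768 (DF)
09:39:32.267712 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 <nop,nop,sack sack 1 {8503:9883} > (DF)
09:39:32.268511 elfa.se.https > xxx.yyy.84.147.1194: . 9883:11263(1380) ack 1106 win 32768 (DF)
09:39:32.270768 xxx.yyy.84.147.1194 > elfa.se.https: . ack 7554 win 65535 <nop,nop,sack sack 1 {8503:11263} > (DF)
"""

# time, src, dst, flags, optional "first:last(len)", then "ack N"
LINE = re.compile(r"^\S+ (\S+) > (\S+): (\S+) (?:(\d+):(\d+)\(\d+\) )?ack (\d+)")
SACK = re.compile(r"\{(\d+):(\d+)\}")

def analyse(capture, server):
    """Summarise one direction of a TCP stream as seen at the capture point.

    Returns the byte ranges from `server` that are missing between captured
    segments, the highest cumulative ACK sent back, and the last SACK blocks.
    """
    sent, last_ack, sacked = [], 0, []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or "S" in m.group(3):
            continue  # SYN lines carry absolute sequence numbers; skip them
        src, _dst, _flags, first, last, ack = m.groups()
        if src.startswith(server):
            if first is not None:
                sent.append((int(first), int(last)))
        else:
            last_ack = max(last_ack, int(ack))
            sacked = [(int(a), int(b)) for a, b in SACK.findall(line)] or sacked
    holes, edge = [], None
    for first, last in sorted(sent):
        if edge is not None and first > edge:
            holes.append((edge, first))  # bytes never seen at this interface
        edge = last if edge is None else max(edge, last)
    return {"holes": holes, "last_ack": last_ack, "sacked": sacked}

if __name__ == "__main__":
    print(analyse(CAPTURE, "elfa.se"))
```

On these lines the result shows the capture has no segment covering bytes 7554 to 8503, which is why the client keeps acknowledging 7554 while its SACK block grows.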