Hi all

Since I upgraded my gateway / filter to an APU1D running 5.8-stable,
I've been getting "connection refused" every time I try to access
www.openbsd.org or ftp.openbsd.org.

- the gateway gets its connection from an ONT, via a switch which does
  some vlan splitting (VoIP and IPTV vlans are sent elsewhere). The
  problem persists if the gateway is connected straight to the ONT, with
  no switch involved.

- this behaviour hasn't been seen with any other website, and
  connections to "neighbouring" IPs (e.g. 129.128.5.190 and .193) work.

- pings and traceroutes are ok (see below)

- if I connect a MacBook to the ONT everything works fine there

- Everything worked fine with the previous setup (Soekris net4801
  running 5.7-stable) with a pf ruleset that is essentially the same
  (minor changes to ifnames).

- pf doesn't seem to be the culprit, as the problem persists even if
  I "pfctl -d" briefly (see below). Also, all block rules are logged and
  nothing shows up on pflog0.

Can anyone help me debug this further? What am I missing?

TIA
Zé

-- 

All following commands were run on the gateway:

# ping -c 2 www.openbsd.org
PING www.openbsd.org (129.128.5.194): 56 data bytes
64 bytes from 129.128.5.194: icmp_seq=0 ttl=237 time=161.053 ms
64 bytes from 129.128.5.194: icmp_seq=1 ttl=237 time=156.808 ms
--- www.openbsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 156.808/158.930/161.053/2.159 ms


$ traceroute -n www.openbsd.org
traceroute to www.openbsd.org (129.128.5.194), 64 hops max, 40 byte packets
 1  * * *
 2  213.30.93.21  2.734 ms  7.096 ms  2.708 ms
 3  195.10.57.1  2.38 ms  2.513 ms  2.232 ms
 4  195.2.30.234  107.715 ms  113.575 ms  106.362 ms
 5  195.2.30.242  104.771 ms  106.121 ms  106.139 ms
 6  195.2.24.154  34.062 ms  34.054 ms  35.029 ms
 7  195.2.27.249  106.025 ms  105.684 ms  107.137 ms
 8  198.32.118.16  108.458 ms  109.071 ms  106.873 ms
 9  66.163.74.22  109.272 ms  109.033 ms  110.187 ms
10  66.163.77.153  120.601 ms  120.061 ms  119.916 ms
11  66.163.73.178  139.284 ms  142.777 ms  138.417 ms
12  66.163.73.198  140.142 ms  141.428 ms  139.363 ms
13  66.163.70.34  155.431 ms  155.313 ms  156.591 ms
14  66.163.70.2  154.882 ms  154.304 ms  154.325 ms
15  208.118.70.130  158.266 ms  156.794 ms  157.025 ms
16  129.128.0.50  157.345 ms  157.001 ms  157.51 ms
17  129.128.0.55  158.45 ms  156.856 ms  156.796 ms
18  129.128.5.194  156.129 ms  156.31 ms  158.011 ms


$ nc -z www.openbsd.org 80; echo $?
1


# pfctl -d; nc -z www.openbsd.org 80; echo $?; pfctl -e
pf disabled
1
pf enabled


$ tcpdump -ntvvqX -s 1440 -i vlan100 host www.openbsd.org
tcpdump: listening on vlan100, link-type EN10MB
93.108.49.203.1494 > 129.128.5.194.80: tcp 0 (DF) (ttl 64, id 34270, len 64, bad ip cksum 0! -> 9e60)
  0000: 4500 0040 85de 4000 4006 0000 5d6c 31cb  E..@..@.@...]l1.
  0010: 8180 05c2 05d6 0050 7a81 c78b 0000 0000  .......Pz.......
  0020: b002 4000 16ac 0000 0204 05b4 0101 0402  ..@.............
  0030: 0103 0303 0101 080a 76d2 bf28 0000 0000  ........v..(....

129.128.5.194.80 > 93.108.49.203.1494: tcp 0 (DF) (ttl 46, id 50390, len 40)
  0000: 4500 0028 c4d6 4000 2e06 7180 8180 05c2  E..(..@...q.....
  0010: 5d6c 31cb 0050 05d6 0000 0000 7a81 c78c  ]l1..P......z...
  0020: 5014 0000 5123 0000 0000                 P...Q#....
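
Added example, not part of the original post: a Python decoder for the two packets in the tcpdump output above. It reports each packet's TCP flags, checks whether the reply acknowledges the SYN that was sent, and compares the stored IP header checksum with a recomputed one. The function and variable names are this example's own; the hex is retyped from the capture.

```python
import struct

# Hex columns of the two packets in the tcpdump output above (retyped from the page).
SYN_HEX = """4500 0040 85de 4000 4006 0000 5d6c 31cb
8180 05c2 05d6 0050 7a81 c78b 0000 0000
b002 4000 16ac 0000 0204 05b4 0101 0402
0103 0303 0101 080a 76d2 bf28 0000 0000"""
REPLY_HEX = """4500 0028 c4d6 4000 2e06 7180 8180 05c2
5d6c 31cb 0050 05d6 0000 0000 7a81 c78c
5014 0000 5123 0000 0000"""

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upwards


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the IP header, checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode(hexdump: str) -> dict:
    """Parse an IPv4/TCP packet given as whitespace-separated hex."""
    raw = bytes.fromhex("".join(hexdump.split()))
    ihl = (raw[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", raw[2:4])
    ttl, proto, stored = struct.unpack("!BBH", raw[8:12])
    if raw[0] >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = raw[ihl:total_len]  # drops link-layer padding after the IP length
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {
        "src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
        "sport": sport, "dport": dport, "ttl": ttl, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)],
        "cksum_stored": stored, "cksum_computed": ip_checksum(raw[:ihl]),
    }


def answers(syn: dict, reply: dict) -> bool:
    """True if reply is the reverse flow and acknowledges syn's sequence number."""
    return ((reply["src"], reply["sport"], reply["dst"], reply["dport"])
            == (syn["dst"], syn["dport"], syn["src"], syn["sport"])
            and reply["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    syn, reply = decode(SYN_HEX), decode(REPLY_HEX)
    for name, pkt in (("sent", syn), ("received", reply)):
        print(name, pkt)
    print("reply answers our SYN:", answers(syn, reply))
```

On the capture above this reports a SYN outbound and an RST,ACK inbound whose ack number is the SYN's sequence number plus one, and it recomputes the outbound header checksum as 0x9e60, the value tcpdump printed.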
