I have a problem in that a few web sites are failing to come up.  One is 
www.terraserver.com.  AFAICT, this is some strange SNAT problem.  There 
is nothing in my logs at all.

This is becoming a real problem.  We need access to terraserver, and 
that's one of the sites that's being blocked.  I've checked with my ISP; 
they can access this web site just fine.

The machine in question is a RH 7.2 box, 2.4.17 kernel, iptables 1.2.5.

Here's a dump of the conversation (the browser just sits there and 
nothing comes up).  Could someone please look at this and tell me if 
this is normal, and if not, what this means?  I am not a tcp/http guru 
by any means.

tcpdump -i ppp0 host terraserver.com
tcpdump: listening on ppp0
10:23:02.363758 63.71.113.29.37039 > 64.132.109.114.http: S 
1071055096:1071055096(0) win 5840 <mss 1460,sackOK,timestamp 120828834 
0,nop,wscale 0> (DF)
10:23:02.489636 64.132.109.114.http > 63.71.113.29.37039: S 
1821562746:1821562746(0) ack 1071055097 win 17520 <mss 1460,nop,wscale 
0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
10:23:02.489956 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 
5840 <nop,nop,timestamp 120828847 0> (DF)
10:23:02.490566 63.71.113.29.37039 > 64.132.109.114.http: P 1:443(442) 
ack 1 win 5840 <nop,nop,timestamp 120828847 0> (DF)
10:23:03.371850 63.71.113.29.37039 > 64.132.109.114.http: P 1:443(442) 
ack 1 win 5840 <nop,nop,timestamp 120828935 0> (DF)
10:23:03.499648 64.132.109.114.http > 63.71.113.29.37039: . ack 443 win 
17078 <nop,nop,timestamp 1649901 120828935> (DF)
10:23:11.459636 64.132.109.114.http > 63.71.113.29.37039: . 
1449:1461(12) ack 443 win 17078 <nop,nop,timestamp 1649980 120828935> (DF)
10:23:11.459943 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 
5840 <nop,nop,timestamp 120829744 0,nop,nop,sack sack 1 {1449:1461} > (DF)
10:23:18.019638 64.132.109.114.http > 63.71.113.29.37039: . 
1449:1461(12) ack 443 win 17078 <nop,nop,timestamp 1650046 120829744> (DF)
10:23:18.019956 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 
5840 <nop,nop,timestamp 120830400 0,nop,nop,sack sack 2 
{1449:1461}{1449:1461} > (DF)
10:23:36.619649 64.132.109.114.http > 63.71.113.29.37039: . 
1449:1461(12) ack 443 win 17078 <nop,nop,timestamp 1650232 120830400> (DF)
10:23:36.619908 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 
5840 <nop,nop,timestamp 120832260 0,nop,nop,sack sack 2 
{1449:1461}{1449:1461} > (DF)
10:23:42.189636 64.132.109.114.http > 63.71.113.29.37039: . 
2909:2921(12) ack 443 win 17078 <nop,nop,timestamp 1650288 120832260> (DF)
10:23:42.189955 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 
5840 <nop,nop,timestamp 120832817 0,nop,nop,sack sack 2 
{2909:2921}{1449:1461} > (DF)

This seems to repeat with minor variations for ever.

TIA,

--Yan
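
The following is an added example, not part of the original post. It parses the server-data and SACK lines of the capture above (copied from the post and unwrapped to one packet per line) and lists which byte ranges of the server's reply the client has not received. The names `analyse`, `CAPTURE`, `PKT` and `SACK` are assumptions of this example.

```python
import re

# Packets copied from the capture in the post, joined onto one line each.
# Only the lines carrying server data or client SACK blocks are included.
CAPTURE = """\
10:23:03.499648 64.132.109.114.http > 63.71.113.29.37039: . ack 443 win 17078 <nop,nop,timestamp 1649901 120828935> (DF)
10:23:11.459636 64.132.109.114.http > 63.71.113.29.37039: . 1449:1461(12) ack 443 win 17078 <nop,nop,timestamp 1649980 120828935> (DF)
10:23:11.459943 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 5840 <nop,nop,timestamp 120829744 0,nop,nop,sack sack 1 {1449:1461} > (DF)
10:23:42.189636 64.132.109.114.http > 63.71.113.29.37039: . 2909:2921(12) ack 443 win 17078 <nop,nop,timestamp 1650288 120832260> (DF)
10:23:42.189955 63.71.113.29.37039 > 64.132.109.114.http: . ack 1 win 5840 <nop,nop,timestamp 120832817 0,nop,nop,sack sack 2 {2909:2921}{1449:1461} > (DF)
"""

SERVER = "64.132.109.114.http"
# time, src, dst, flags, optional "start:end(len)", then the ack number
PKT = re.compile(r"^\S+ (\S+) > (\S+): \S+ (?:(\d+):(\d+)\((\d+)\) )?ack (\d+)")
SACK = re.compile(r"\{(\d+):(\d+)\}")


def analyse(capture, server=SERVER):
    """Return (server segments that arrived, client's cumulative ACK,
    byte ranges of the server stream still missing at the client)."""
    arrived, cum_ack = set(), 1
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        src, _dst, start, end, _length, ack = m.groups()
        if src == server:
            if start:  # server segment carrying data
                arrived.add((int(start), int(end)))
        else:
            # Client packet: cumulative ACK plus any SACKed ranges.
            cum_ack = int(ack)
            arrived.update((int(a), int(b)) for a, b in SACK.findall(line))
    # Walk the arrived ranges in order; anything between the cumulative
    # ACK and the next arrived range is a hole.
    holes, pos = [], cum_ack
    for start, end in sorted(arrived):
        if start > pos:
            holes.append((pos, start))
        pos = max(pos, end)
    return sorted(arrived), cum_ack, holes


if __name__ == "__main__":
    segs, ack, holes = analyse(CAPTURE)
    print("arrived:", segs, "cumulative ack:", ack)
    for a, b in holes:
        print(f"missing {a}:{b} ({b - a} bytes)")
```

On these lines the client's cumulative ACK stays at 1 and the missing ranges are 1:1449 and 1461:2909, each 1448 bytes, while the two segments that did arrive carry 12 bytes each.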