Re: Help with strange web server problem

2006-02-15 Thread Jerry Bell

Path MTU problem?



That would be my vote also.

Ted

  
I've done some more troubleshooting and some strange things have 
appeared.  First, the colo says there is NO proxy, and NO firewall in 
front of this server.


I captured a misfire on both the server and on my freebsd gateway.  The 
two traffic flows don't seem to quite line up.


First, here is the view from the server:
www# tcpdump - -vvv -A port 80
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 
bytes
2006-02-15 22:18:11.014600 IP (tos 0x0, ttl 110, id 10713, offset 0, 
flags [DF], length: 48) c-71-199-184-251.hsd1.ga.comcast.net.3945  
www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 
64512 mss 1260,nop,nop,sackOK


E..0)[EMAIL PROTECTED]QG...?.d,.i.Pc...p..._...
2006-02-15 22:18:11.014650 IP (tos 0x0, ttl  64, id 34040, offset 0, 
flags [DF], length: 48) www.musiclodge.com.http  
c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 
(-9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 
1460,nop,nop,sackOK


[EMAIL PROTECTED]@..2?.d,GP.i\?c.c...p...
2006-02-15 22:18:11.060824 IP (tos 0x0, ttl 110, id 10715, offset 0, 
flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945  
www.musiclodge.com.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856


E..()[EMAIL PROTECTED]WG...?.d,.i.Pc...P..X..
2006-02-15 22:18:11.060837 IP (tos 0x0, ttl  64, id 60576, offset 0, 
flags [DF], length: 40) www.musiclodge.com.http  
c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 
(-5e83)!] 2634350593:2634350593(0) win 0


E..([EMAIL PROTECTED]@...?.d,GP.iP...
2006-02-15 22:18:11.065196 IP (tos 0x0, ttl 110, id 10716, offset 0, 
flags [DF], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945  
www.musiclodge.com.http: . [tcp sum ok] 387:387(0) ack 1086692403 win 64856


E..()[EMAIL PROTECTED]VG...?.d,.i.Pc..qP..X..
2006-02-15 22:18:11.065208 IP (tos 0x0, ttl  64, id 4488, offset 0, 
flags [DF], length: 40) www.musiclodge.com.http  
c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 
(-5e83)!] 2634350593:2634350593(0) win 0


E..([EMAIL PROTECTED]@...?.d,GP.iP...
2006-02-15 22:18:11.069569 IP (tos 0x0, ttl 110, id 10717, offset 0, 
flags [DF], length: 426) c-71-199-184-251.hsd1.ga.comcast.net.3945  
www.musiclodge.com.http: P 1:387(386) ack 1086692403 win 64856

E...)[EMAIL PROTECTED].G...?.d,.i.Pc...P..X'1..GET / HTTP/1.1

   Accept: image/gif, image/x
2006-02-15 22:18:11.069579 IP (tos 0x0, ttl  64, id 40159, offset 0, 
flags [DF], length: 40) www.musiclodge.com.http  
c-71-199-184-251.hsd1.ga.comcast.net.3945: R [bad tcp cksum a4b8 
(-5e83)!] 2634350593:2634350593(0) win 0


E..([EMAIL PROTECTED]@..R?.d,GP.iP...
2006-02-15 22:18:14.014594 IP (tos 0x0, ttl  64, id 12734, offset 0, 
flags [DF], length: 48) www.musiclodge.com.http  
c-71-199-184-251.hsd1.ga.comcast.net.3945: S [bad tcp cksum a4c0 
(-9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 
1460,nop,nop,sackOK


[EMAIL PROTECTED]@.dl?.d,GP.i\?c.c...p...
2006-02-15 22:18:14.073367 IP (tos 0x0, ttl 110, id 10734, offset 0, 
flags [none], length: 40) c-71-199-184-251.hsd1.ga.comcast.net.3945  
www.musiclodge.com.http: R [tcp sum ok] 1671172335:1671172335(0) win 0




Next, here is the view from the gateway (time is off on that one):
beta# tcpdump - -vvv -A port 80 and host 63.175.100.44
tcpdump: listening on xl0, link-type EN10MB (Ethernet), capture size 96 
bytes
2006-02-16 03:29:02.970756 IP (tos 0x0, ttl 128, id 10713, offset 0, 
flags [DF], length: 48) atllapjbell1.iss.local.3945  
www.musiclodge.com.http: S [tcp sum ok] 1671172334:1671172334(0) win 
64512 mss 1260,nop,nop,sackOK


E..0)[EMAIL PROTECTED],.i.Pc...p...
2006-02-16 03:29:03.016989 IP (tos 0x0, ttl  32, id 0, offset 0, flags 
[DF], length: 40) www.musiclodge.com.http  atllapjbell1.iss.local.3945: 
S [tcp sum ok] 2634350592:2634350592(0) ack 1671172335 win 64512


E..([EMAIL PROTECTED] ...?.d,.P.ic...P...-p..
2006-02-16 03:29:03.017099 IP (tos 0x0, ttl  45, id 34040, offset 0, 
flags [DF], length: 48) www.musiclodge.com.http  
atllapjbell1.iss.local.3945: S [tcp sum ok] 1547658190:1547658190(0) ack 
1671172335 win 65535 mss 1460,nop,nop,sackOK


[EMAIL PROTECTED],.P.i\?c.c...p...
2006-02-16 03:29:03.017963 IP (tos 0x0, ttl 128, id 10715, offset 0, 
flags [DF], length: 40) atllapjbell1.iss.local.3945  
www.musiclodge.com.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856

E..()[EMAIL PROTECTED],.i.Pc...P..X,.
2006-02-16 03:29:03.018308 IP (tos 0x0, ttl 128, id 10716, offset 0, 
flags [DF], length: 40) atllapjbell1.iss.local.3945  
www.musiclodge.com.http: . [tcp sum ok] 387:387(0) ack 1086692403 win 64856

E..()[EMAIL PROTECTED],.i.Pc..qP..X*.
2006-02-16 03:29:03.018794 IP (tos 0x0, ttl 128, id 10717, offset 0, 
flags [DF], 

Re: Help with strange web server problem

2006-02-15 Thread Chuck Swiger
Jerry Bell wrote:
[ ... ]
 I've done some more troubleshooting and some strange things have
 appeared.  First, the colo says there is NO proxy, and NO firewall in
 front of this server.

That's believable too, perhaps you simply have a NIC which is failing or is
screwing up the packet checksums in some odd case.  You would have to sniff the
traffic from another machine (perhaps a sysadmin's laptop?) and grab the full
packets (-s 0 to tcpdump to be sure).

Have you tried swapping NICs or adding a PCI NIC card?  BTW:

 1671172334:1671172334(0) win 64512 mss 1260,nop,nop,sackOK 

This is not quite enough data to tell, but this looks like maybe you're seeing
the IPv6 MSS of 1260 rather than what I get by default (1460?) under FreeBSD?
Of course, it could just be a Windows client machine or something going through
something like a VPN/PPTP tunnel which reduces the MTU...?

What happens if you reduce your interface MTU to 1260?

You ought to be looking for all traffic between your server and a test host,
BTW, sometimes the ICMP traffic, if any, is important to understanding the 
issue.

-- 
-Chuck
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
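
The comparison of the two captures posted earlier in this thread can be done mechanically. The following is an added example, not code from any poster: it matches server-sourced packets across both vantage points by IP id and sequence number, and undoes tcpdump's relative ack numbering. The sample records are re-typed from the thread's captures, unwrapped, with tcpdump's "src > dst" arrow restored and host names shortened to "client" and "www" (assumptions).

```python
import re

# Constructed sample: records re-typed from the two captures in this thread,
# unwrapped, "src > dst" arrow restored, host names shortened (assumptions).
SERVER_VIEW = """\
22:18:11.014600 IP (tos 0x0, ttl 110, id 10713, offset 0, flags [DF], length: 48) client.3945 > www.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 mss 1260,nop,nop,sackOK
22:18:11.014650 IP (tos 0x0, ttl  64, id 34040, offset 0, flags [DF], length: 48) www.http > client.3945: S [bad tcp cksum a4c0 (-9a1f)!] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 1460,nop,nop,sackOK
22:18:11.060824 IP (tos 0x0, ttl 110, id 10715, offset 0, flags [DF], length: 40) client.3945 > www.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856
22:18:11.060837 IP (tos 0x0, ttl  64, id 60576, offset 0, flags [DF], length: 40) www.http > client.3945: R [bad tcp cksum a4b8 (-5e83)!] 2634350593:2634350593(0) win 0
"""
GATEWAY_VIEW = """\
03:29:02.970756 IP (tos 0x0, ttl 128, id 10713, offset 0, flags [DF], length: 48) client.3945 > www.http: S [tcp sum ok] 1671172334:1671172334(0) win 64512 mss 1260,nop,nop,sackOK
03:29:03.016989 IP (tos 0x0, ttl  32, id 0, offset 0, flags [DF], length: 40) www.http > client.3945: S [tcp sum ok] 2634350592:2634350592(0) ack 1671172335 win 64512
03:29:03.017099 IP (tos 0x0, ttl  45, id 34040, offset 0, flags [DF], length: 48) www.http > client.3945: S [tcp sum ok] 1547658190:1547658190(0) ack 1671172335 win 65535 mss 1460,nop,nop,sackOK
03:29:03.017963 IP (tos 0x0, ttl 128, id 10715, offset 0, flags [DF], length: 40) client.3945 > www.http: . [tcp sum ok] 1:1(0) ack 1086692403 win 64856
"""

# One tcpdump -vvv TCP record: IP header fields, endpoints, flags, seq and ack.
REC = re.compile(
    r"ttl\s+(?P<ttl>\d+), id (?P<id>\d+),.*?\) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"(?:\[[^\]]*\] )?(?P<seq>\d+):\d+\(\d+\)"
    r"(?: ack (?P<ack>\d+))?"
)


def parse(capture):
    """Turn tcpdump text into dicts; numeric fields become ints."""
    pkts = []
    for line in capture.splitlines():
        m = REC.search(line)
        if m:
            pkts.append({k: int(v) if v and v.isdigit() else v
                         for k, v in m.groupdict().items()})
    return pkts


def from_server(pkts):
    """Packets whose source port is http, i.e. claiming to come from the server."""
    return [p for p in pkts if p["src"].endswith(".http")]


def unsent_packets(server_view, gateway_view):
    """Server-sourced packets seen at the gateway that the server never sent."""
    sent = {(p["id"], p["seq"]) for p in from_server(server_view)}
    return [p for p in from_server(gateway_view)
            if (p["id"], p["seq"]) not in sent]


def absolute_client_ack(server_view):
    """tcpdump prints the client's ack relative to the server's own ISN;
    adding that ISN back gives the number the client really acknowledged."""
    isn = next(p["seq"] for p in from_server(server_view) if p["flags"] == "S")
    rel = next(p["ack"] for p in server_view if p["flags"] == "." and p["ack"])
    return (isn + rel) % 2**32


def reset_seqs(server_view):
    """Sequence numbers carried by the server's RST segments."""
    return {p["seq"] for p in from_server(server_view) if p["flags"] == "R"}


if __name__ == "__main__":
    srv, gw = parse(SERVER_VIEW), parse(GATEWAY_VIEW)
    for p in unsent_packets(srv, gw):
        print("seen at gateway only: id=%(id)d ttl=%(ttl)d seq=%(seq)d" % p)
    print("client acknowledged:", absolute_client_ack(srv))
    print("server RST seq:", sorted(reset_seqs(srv)))
```

On this data the only server-sourced packet missing from the server's own capture is the SYN-ACK with id 0 and ttl 32, and the client's ack equals that packet's sequence number plus one, which is also the sequence number on the server's RSTs.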


RE: Help with strange web server problem

2006-02-14 Thread Ted Mittelstaedt


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger
Sent: Monday, February 13, 2006 11:41 AM
To: Jerry Bell
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem


On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
 It's hit or miss, but the first time someone visits the web site,
 they get
 a server not found page.  On hitting refresh, they get the page - no
 problems.  If I wait a while and try again, I get the same problem.

Path MTU problem?


That would be my vote also.

Ted



Re: Help with strange web server problem

2006-02-14 Thread Jerry Bell
What's the best way to go about verifying and fixing that?  I have 
several other BSD servers on the same subnet in that colo that aren't 
having the problem. 


Many thanks for your help!

Jerry

Ted Mittelstaedt wrote:
  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Charles Swiger
Sent: Monday, February 13, 2006 11:41 AM
To: Jerry Bell
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem


On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:


It's hit or miss, but the first time someone visits the web site,
they get
a server not found page.  On hitting refresh, they get the page - no
problems.  If I wait a while and try again, I get the same problem.
  

Path MTU problem?




That would be my vote also.

Ted

  



RE: Help with strange web server problem

2006-02-14 Thread fbsd_user
The Path MTU problem was fixed 2 years ago.
You are beating a dead horse going down that path.
My money is on your firewall rules.

Debugging problems like this is a process of elimination.
First thing is to remove your ipfw firewall from the system.
If you compiled ipfw into your kernel then recompile to remove it
totally.

Then test to see if problem is still happening.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jerry Bell
Sent: Tuesday, February 14, 2006 6:04 AM
To: Ted Mittelstaedt
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with strange web server problem


What's the best way to go about verifying and fixing that?  I have
several other BSD servers on the same subnet in that colo that
aren't
having the problem.

Many thanks for your help!

Jerry

Ted Mittelstaedt wrote:

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Charles
Swiger
 Sent: Monday, February 13, 2006 11:41 AM
 To: Jerry Bell
 Cc: freebsd-questions@freebsd.org
 Subject: Re: Help with strange web server problem


 On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:

 It's hit or miss, but the first time someone visits the web
site,
 they get
 a server not found page.  On hitting refresh, they get the
page - no
 problems.  If I wait a while and try again, I get the same
problem.

 Path MTU problem?



 That would be my vote also.

 Ted




Help with strange web server problem

2006-02-13 Thread Jerry Bell
It's hit or miss, but the first time someone visits the web site, they get
a server not found page.  On hitting refresh, they get the page - no
problems.  If I wait a while and try again, I get the same problem.

The problem appears to be something in the initial communication with the
web server.  Using tcpdump, I can see that the PC connects to the web
server and sends the GET request, but the server closes the connection
abruptly.  Comparing that flow to a normal session, I see that there are
some extra packets between the initial SYN and the sending of the GET
phrase that do not exist during a successful session.

I'm running 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Aug 18 (built from the
stable source as of that day).
I'm using apache 1.3.34.  I was on 1.3.33 and rebuilt the port to see if
that was the problem.

I'm not sure if this is an apache problem or a FreeBSD problem.  Any
suggestions on further troubleshooting or known issues?

Thank you!

Jerry



Re: Help with strange web server problem

2006-02-13 Thread Joe Auty

I think I've seen this before too...

Is it possible that FreeBSD spins down the hard drive after  
inactivity, and the server doesn't always spin up the HD with a  
network request like this?




On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:

It's hit or miss, but the first time someone visits the web site,  
they get

a server not found page.  On hitting refresh, they get the page - no
problems.  If I wait a while and try again, I get the same problem.

The problem appears to be something in the initial communication  
with the

web server.  Using tcpdump, I can see that the PC connects to the web
server and sends the GET request, but the server closes the connection
abruptly.  Comparing that flow to a normal session, I see that  
there are

some extra packets between the initial SYN and the sending of the GET
phrase that do not exist during a successful session.

I'm running 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Aug 18 (built  
from the

stable source as of that day).
I'm using apache 1.3.34.  I was on 1.3.33 and rebuilt the port to  
see if

that was the problem.

I'm not sure if this is an apache problem or a FreeBSD problem.  Any
suggestions on further troubleshooting or known issues?

Thank you!

Jerry



Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
It's certainly possible.  This is a Dell PE 750, and I didn't do anything
in bios or in FreeBSD to enable that, so I'm thinking it might not be
that, but I'll investigate it.

Thanks!

Jerry
 I think I've seen this before too...

 Is it possible that FreeBSD spins down the hard drive after
 inactivity, and the server doesn't always spin up the HD with a
 network request like this?





Re: Help with strange web server problem

2006-02-13 Thread Ken Stevenson

Jerry Bell wrote:

It's hit or miss, but the first time someone visits the web site, they get
a server not found page.  On hitting refresh, they get the page - no
problems.  If I wait a while and try again, I get the same problem.

The problem appears to be something in the initial communication with the
web server.  Using tcpdump, I can see that the PC connects to the web
server and sends the GET request, but the server closes the connection
abruptly.  Comparing that flow to a normal session, I see that there are
some extra packets between the initial SYN and the sending of the GET
phrase that do not exist during a successful session.

I'm running 5.4-STABLE FreeBSD 5.4-STABLE #0: Thu Aug 18 (built from the
stable source as of that day).
I'm using apache 1.3.34.  I was on 1.3.33 and rebuilt the port to see if
that was the problem.

I'm not sure if this is an apache problem or a FreeBSD problem.  Any
suggestions on further troubleshooting or known issues?

Thank you!

Jerry

On a couple of occasions, I've had a similar problem that was the 
result of Apache having multiple processes running, and 1 of the 
running processes was failing while all the others were okay.


Try refreshing about 20 times and see if the problem comes and goes or 
if it only occurs on the first connection.


In any event, restarting Apache fixed the problem for me.

--
Ken Stevenson
Allen-Myland Inc.


Re: Help with strange web server problem

2006-02-13 Thread Joe Auty

So ACPI is disabled?


On Feb 13, 2006, at 2:37 PM, Jerry Bell wrote:

It's certainly possible.  This is a Dell PE 750, and I didn't do  
anything

in bios or in FreeBSD to enable that, so I'm thinking it might not be
that, but I'll investigate it.

Thanks!

Jerry

I think I've seen this before too...

Is it possible that FreeBSD spins down the hard drive after
inactivity, and the server doesn't always spin up the HD with a
network request like this?






Re: Help with strange web server problem

2006-02-13 Thread Charles Swiger

On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
It's hit or miss, but the first time someone visits the web site,  
they get

a server not found page.  On hitting refresh, they get the page - no
problems.  If I wait a while and try again, I get the same problem.


Path MTU problem?

The problem appears to be something in the initial communication  
with the

web server.  Using tcpdump, I can see that the PC connects to the web
server and sends the GET request, but the server closes the connection
abruptly.  Comparing that flow to a normal session, I see that  
there are

some extra packets between the initial SYN and the sending of the GET
phrase that do not exist during a successful session.


The details would help.  :-)  Or you could tell us what the server is  
so we could try hitting it ourselves...


--
-Chuck



Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
I didn't want to spam the link out, but it's www.musiclodge.com.  I will
gather the capture data from working and non working sessions and send it
out.

Thanks!

 On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
 It's hit or miss, but the first time someone visits the web site,
 they get
 a server not found page.  On hitting refresh, they get the page - no
 problems.  If I wait a while and try again, I get the same problem.

 Path MTU problem?

 The problem appears to be something in the initial communication
 with the
 web server.  Using tcpdump, I can see that the PC connects to the web
 server and sends the GET request, but the server closes the connection
 abruptly.  Comparing that flow to a normal session, I see that
 there are
 some extra packets between the initial SYN and the sending of the GET
 phrase that do not exist during a successful session.

 The details would help.  :-)  Or you could tell us what the server is
 so we could try hitting it ourselves...

 --
 -Chuck






Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
 So ACPI is disabled?
I'm assuming it's enabled.  Can that be a problem?


Aug 29 12:04:46 www syslogd: kernel boot file is /boot/kernel/kernel
Aug 29 12:04:46 www kernel: Copyright (c) 1992-2005 The FreeBSD Project.
Aug 29 12:04:46 www kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988,
1989, 1991, 1992, 1993, 1994
Aug 29 12:04:46 www kernel: The Regents of the University of California.
All rights reserved.
Aug 29 12:04:46 www kernel: FreeBSD 5.4-STABLE #0: Thu Aug 18 07:49:41 UTC
2005
Aug 29 12:04:46 www kernel: [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC
Aug 29 12:04:46 www kernel: Timecounter i8254 frequency 1193182 Hz
quality 0
Aug 29 12:04:46 www kernel: CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
(2800.12-MHz 686-class CPU)
Aug 29 12:04:46 www kernel: Origin = GenuineIntel  Id = 0xf41  Stepping = 1
Aug 29 12:04:46 www kernel:
Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE
Aug 29 12:04:46 www kernel: Hyperthreading: 2 logical CPUs
Aug 29 12:04:46 www kernel: real memory  = 536608768 (511 MB)
Aug 29 12:04:46 www kernel: avail memory = 515444736 (491 MB)
Aug 29 12:04:46 www kernel: ACPI APIC Table: DELL   PE750   
Aug 29 12:04:46 www kernel: ioapic0: Changing APIC ID to 2
Aug 29 12:04:46 www kernel: ioapic1: Changing APIC ID to 3
Aug 29 12:04:46 www kernel: ioapic0 Version 2.0 irqs 0-23 on motherboard
Aug 29 12:04:46 www kernel: ioapic1 Version 2.0 irqs 24-47 on motherboard
Aug 29 12:04:46 www kernel: npx0: math processor on motherboard
Aug 29 12:04:46 www kernel: npx0: INT 16 interface
Aug 29 12:04:46 www kernel: acpi0: DELL PE750 on motherboard
Aug 29 12:04:46 www kernel: acpi0: Power Button (fixed)
Aug 29 12:04:46 www kernel: Timecounter ACPI-fast frequency 3579545 Hz
quality 1000
Aug 29 12:04:46 www kernel: acpi_timer0: 24-bit timer at 3.579545MHz
port 0x808-0x80b on acpi0
Aug 29 12:04:46 www kernel: cpu0: ACPI CPU on acpi0
Aug 29 12:04:46 www kernel: pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff
on acpi0
Aug 29 12:04:46 www kernel: pci0: ACPI PCI bus on pcib0
Aug 29 12:04:46 www kernel: pcib1: ACPI PCI-PCI bridge at device 3.0 on
pci0
Aug 29 12:04:46 www kernel: pci1: ACPI PCI bus on pcib1
Aug 29 12:04:46 www kernel: em0: Intel(R) PRO/1000 Network Connection,
Version - 1.7.35 port 0xece0-0xecff mem 0xfe2e-0xfe2f irq 18 at
device 1.0 on pci1
Aug 29 12:04:46 www kernel: em0: Ethernet address: 00:12:3f:ec:f4:90
Aug 29 12:04:46 www kernel: em0:  Speed:N/A  Duplex:N/A
Aug 29 12:04:46 www kernel: pcib2: ACPI PCI-PCI bridge at device 28.0 on
pci0
Aug 29 12:04:46 www kernel: pci2: ACPI PCI bus on pcib2
Aug 29 12:04:46 www kernel: aac0: Dell CERC SATA RAID 2 mem
0xf400-0xf7ff irq 24 at device 1.0 on pci2
Aug 29 12:04:46 www kernel: aac0: Unknown processor 100MHz, 48MB cache
memory, optional battery not installed
Aug 29 12:04:46 www kernel: aac0: Kernel 4.1-0, Build 7406, S/N c540d4
Aug 29 12:04:46 www kernel: aac0: Supported
Options=1097cWCACHE,DATA64,HOSTTIME,RAID50,WINDOW4GB,SOFTERR,ALARM
Aug 29 12:04:46 www kernel: uhci0: UHCI (generic) USB controller port
0xcce0-0xccff irq 16 at device 29.0 on pci0
Aug 29 12:04:46 www kernel: usb0: UHCI (generic) USB controller on uhci0
Aug 29 12:04:46 www kernel: usb0: USB revision 1.0
Aug 29 12:04:46 www kernel: uhub0: Intel UHCI root hub, class 9/0, rev
1.00/1.00, addr 1
Aug 29 12:04:46 www kernel: uhub0: 2 ports with 2 removable, self powered
Aug 29 12:04:46 www kernel: uhci1: UHCI (generic) USB controller port
0xccc0-0xccdf irq 19 at device 29.1 on pci0
Aug 29 12:04:46 www kernel: usb1: UHCI (generic) USB controller on uhci1
Aug 29 12:04:46 www kernel: usb1: USB revision 1.0
Aug 29 12:04:46 www kernel: uhub1: Intel UHCI root hub, class 9/0, rev
1.00/1.00, addr 1
Aug 29 12:04:46 www kernel: uhub1: 2 ports with 2 removable, self powered
Aug 29 12:04:46 www kernel: pci0: base peripheral at device 29.4 (no
driver attached)
Aug 29 12:04:46 www kernel: pci0: base peripheral, interrupt controller
at device 29.5 (no driver attached)
Aug 29 12:04:46 www kernel: pci0: serial bus, USB at device 29.7 (no
driver attached)
Aug 29 12:04:46 www kernel: pcib3: ACPI PCI-PCI bridge at device 30.0 on
pci0
Aug 29 12:04:46 www kernel: pci3: ACPI PCI bus on pcib3
Aug 29 12:04:46 www kernel: em1: Intel(R) PRO/1000 Network Connection,
Version - 1.7.35 port 0xdcc0-0xdcff mem 0xfdee-0xfdef irq 21 at
device 2.0 on pci3
Aug 29 12:04:46 www kernel: em1: Ethernet address: 00:12:3f:ec:f4:91
Aug 29 12:04:46 www kernel: em1:  Speed:N/A  Duplex:N/A
Aug 29 12:04:46 www kernel: pci3: display, VGA at device 14.0 (no driver
attached)
Aug 29 12:04:46 www kernel: isab0: PCI-ISA bridge at device 31.0 on pci0
Aug 29 12:04:46 www kernel: isa0: ISA bus on isab0
Aug 29 12:04:46 www kernel: atapci0: Intel 6300ESB SATA150 controller
port 0xfea0-0xfeaf,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 31.2 on
pci0
Aug 29 12:04:46 www kernel: ata0: channel #0 on atapci0
Aug 29 12:04:46 www kernel: ata1: 

Re: Help with strange web server problem

2006-02-13 Thread Joe Auty
I'm hardly an expert on these sorts of things, but I *believe* that  
ACPI is responsible for power management stuff, including possibly  
spinning down your hard drive after inactivity. Try restarting with  
ACPI enabled (which you can do on your boot menu), or disable ACPI  
within your BIOS for a while to see if this helps.. certainly can't  
hurt to try.





On Feb 13, 2006, at 3:15 PM, Jerry Bell wrote:


So ACPI is disabled?

I'm assuming it's enabled.  Can that be a problem?



Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
I will give that a try.

Thank you for your help!

Jerry
 I'm hardly an expert on these sorts of things, but I *believe* that
 ACPI is responsible for power management stuff, including possibly
 spinning down your hard drive after inactivity. Try restarting with
 ACPI enabled (which you can do on your boot menu), or disable ACPI
 within your BIOS for a while to see if this helps.. certainly can't
 hurt to try.




 On Feb 13, 2006, at 3:15 PM, Jerry Bell wrote:

 So ACPI is disabled?
 I'm assuming it's enabled.  Can that be a problem?



Re: Help with strange web server problem

2006-02-13 Thread Joe Auty
Some software (such as VMWare) will only work with ACPI disabled  
anyway. Even in our Mac labs here, we disable all Energy Saver  
settings - it just isn't worth the hassle, especially when there  
isn't much to gain on a Desktop machine, IMHO.



On Feb 13, 2006, at 3:21 PM, Jerry Bell wrote:


I will give that a try.

Thank you for your help!

Jerry

I'm hardly an expert on these sorts of things, but I *believe* that
ACPI is responsible for power management stuff, including possibly
spinning down your hard drive after inactivity. Try restarting with
ACPI enabled (which you can do on your boot menu), or disable ACPI
within your BIOS for a while to see if this helps.. certainly can't
hurt to try.




On Feb 13, 2006, at 3:15 PM, Jerry Bell wrote:


So ACPI is disabled?

I'm assuming it's enabled.  Can that be a problem?



Re: Help with strange web server problem

2006-02-13 Thread Charles Swiger

On Feb 13, 2006, at 3:12 PM, Jerry Bell wrote:
I didn't want to spam the link out, but it's www.musiclodge.com.  I will
gather the capture data from working and non working sessions and send it
out.


Well, I can confirm the behavior you've described.

It looks somewhat like a stateful firewall or is in the way and is  
generating an RST, even while your webserver tries to generate a  
response.  However, once the firewall sees the outbound traffic, it  
seems to create a dynamic rule which lets the traffic from subsequent  
connections through:


5-pan# tcpdump -tnXs 0 host www.musiclodge.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol  
decode

listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
IP 199.103.21.238.50740  63.175.100.44.80: S 2282569549:2282569549 
(0) win 65535 mss 1460,nop,wscale 0,nop,nop,timestamp 1159441862 0
0x:  4510 003c 4653 4000 4006 7328 c767 15ee  E..[EMAIL PROTECTED]@.s 
(.g..
0x0010:  3faf 642c c634 0050 880d 3f4d    ?.d,.4.P..? 
M
0x0020:  a002  815f  0204 05b4 0103  
0300  ._..

0x0030:  0101 080a 451b adc6  E...
IP 63.175.100.44.80  199.103.21.238.50740: S 2634350592:2634350592 
(0) ack 2282569550 win 65535
0x:  4500 0028  4000 2506 d49f 3faf 642c  E..([EMAIL PROTECTED] 
%...?.d,
0x0010:  c767 15ee 0050 c634 9d05  880d 3f4e  .g...P. 
4..?N
0x0020:  5012  03bc     1b60   
P..`

0x0030:  2678 x
IP 199.103.21.238.50740  63.175.100.44.80: . ack 1 win 65535
0x:  4510 0028 4655 4000 4006 733a c767 15ee  E.. 
([EMAIL PROTECTED]@.s:.g..
0x0010:  3faf 642c c634 0050 880d 3f4e 9d05 0001  ?.d,.4.P..? 
N

0x0020:  5010  03bd   P...

3-way handshake is completed here, next traffic should be from my  
machine making the GET /, request, but instead your machine sends  
another ACK:


IP 63.175.100.44.80  199.103.21.238.50740: S 2238145710:2238145710 
(0) ack 2282569550 win 65535 mss 1460,nop,wscale 1,nop,nop,timestamp  
1453026167 1159441862
0x:  4500 003c 57fa 4000 3206 6f91 3faf 642c  E..[EMAIL PROTECTED] 
2.o.?.d,
0x0010:  c767 15ee 0050 c634 8567 64ae 880d 3f4e  .g...P. 
4.gd...?N
0x0020:  a012  9cdb  0204 05b4 0103  
0301  
0x0030:  0101 080a 569b 6b77 451b adc6 9345  
1153  V.kwEE.S


Interesting that the previous ack had no TCP options set, whereas  
this one does include a timestamp in response.


IP 199.103.21.238.50740  63.175.100.44.80: . ack 396204883 win 65535  
nop,nop,timestamp 1159441863 1453026167
0x:  4510 0034 4656 4000 4006 732d c767 15ee  E.. 
[EMAIL PROTECTED]@.s-.g..
0x0010:  3faf 642c c634 0050 880d 3f4e 9d05 0001  ?.d,.4.P..? 
N
0x0020:  8010  8157  0101 080a 451b  
adc7  .W..E...

0x0030:  569b 6b77V.kw

Where did sequence # 396204883 come from?  And your side follows up  
with a pair of connection resets, and a normal ACK packet, too.


IP 63.175.100.44.80  199.103.21.238.50740: R 2634350593:2634350593 
(0) win 0
0x:  4500 0028 b6f6 4000 3206 10a9 3faf 642c  E..([EMAIL PROTECTED] 
2...?.d,
0x0010:  c767 15ee 0050 c634 9d05 0001    .g...P. 
4
0x0020:  5004  cb24     f3fa  P 
$..

0x0030:  5489 T.
IP 63.175.100.44.80  199.103.21.238.50740: R 2634350593:2634350593 
(0) win 0
0x:  4500 0028 4bfc 4000 3206 7ba3 3faf 642c  E..([EMAIL PROTECTED] 
{.?.d,
0x0010:  c767 15ee 0050 c634 9d05 0001    .g...P. 
4
0x0020:  5004  cb24     abb8  P 
$..

0x0030:  c9be ..
IP 63.175.100.44.80  199.103.21.238.50740: S 2238145710:2238145710 
(0) ack 2282569550 win 65535 mss 1460,nop,wscale 1,nop,nop,timestamp  
1453026467 1159441862
0x:  4500 003c 3a9d 4000 3206 8cee 3faf 642c  E..:[EMAIL PROTECTED] 
2...?.d,
0x0010:  c767 15ee 0050 c634 8567 64ae 880d 3f4e  .g...P. 
4.gd...?N
0x0020:  a012  9baf  0204 05b4 0103  
0301  
0x0030:  0101 080a 569b 6ca3 451b adc6 bdd6  
d7c9  V.l.E...


...and my side closes, too.  Something is badly confused.

IP 199.103.21.238.50740  63.175.100.44.80: R 2282569550:2282569550 
(0) win 0
0x:  4500 0028 465a 4000 4006 7345 c767 15ee  E.. 
([EMAIL PROTECTED]@.sE.g..
0x0010:  3faf 642c c634 0050 880d 3f4e    ?.d,.4.P..? 
N

0x0020:  5004  a0cf   P...

---

When I repeat the connection attempt a few seconds later:

IP 199.103.21.238.50743  63.175.100.44.80: S 262625798:262625798(0)  
win 
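
Added example (not part of Charles Swiger's post, and not tcpdump's own code): a Python check over the summary lines of the capture above that flags a SYN answered with two different initial sequence numbers, and resolves the relative "ack 396204883" back to an absolute value. The sample lines are constructed from that capture with the `>` and `<...>` characters the list archive stripped put back; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: summary lines re-typed from the capture above, with the ">"
# and "<...>" characters the list archive stripped restored; hex lines omitted.
SAMPLE = """\
IP 199.103.21.238.50740 > 63.175.100.44.80: S 2282569549:2282569549(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 1159441862 0>
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2634350592:2634350592(0) ack 2282569550 win 65535
IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 1 win 65535
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 1453026167 1159441862>
IP 199.103.21.238.50740 > 63.175.100.44.80: . ack 396204883 win 65535 <nop,nop,timestamp 1159441863 1453026167>
IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
IP 63.175.100.44.80 > 199.103.21.238.50740: R 2634350593:2634350593(0) win 0
IP 63.175.100.44.80 > 199.103.21.238.50740: S 2238145710:2238145710(0) ack 2282569550 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 1453026467 1159441862>
IP 199.103.21.238.50740 > 63.175.100.44.80: R 2282569550:2282569550(0) win 0
"""

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRW.]+)"
    r"(?: (?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?"
    r" win \d+(?: <(?P<opts>[^>]*)>)?")

def parse(text):
    """Yield one dict per tcpdump summary line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["seq"] = int(d["seq"]) if d["seq"] else None
            d["ack"] = int(d["ack"]) if d["ack"] else None
            yield d

def conflicting_synacks(packets):
    """Map (responder, initiator, acked value) -> {ISN: carried TCP options?}
    for every SYN that was answered with more than one ISN. A single listener
    in a consistent state offers one ISN per connection attempt."""
    seen = defaultdict(dict)
    for p in packets:
        if p["flags"] == "S" and p["ack"] is not None:      # SYN-ACK
            seen[(p["src"], p["dst"], p["ack"])][p["seq"]] = bool(p["opts"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def resolve_relative_ack(rel_ack, isns):
    """Without -S, tcpdump prints ACKs relative to the ISN it last recorded for
    the peer. Return (base_isn, acked_isn) when rel_ack is 'acked_isn + 1'
    displayed against a different base, else None."""
    for base in isns:
        absolute = (base + rel_ack) % 2**32
        for isn in isns:
            if isn != base and absolute == (isn + 1) % 2**32:
                return base, isn
    return None

def rst_owner(packets, isns):
    """For each RST, the offered ISN whose sequence space it continues."""
    return [p["seq"] - 1 for p in packets
            if "R" in p["flags"] and p["seq"] is not None and p["seq"] - 1 in isns]

if __name__ == "__main__":
    pkts = list(parse(SAMPLE))
    for (responder, initiator, _), isns in conflicting_synacks(pkts).items():
        print(f"{responder} answered {initiator} with ISNs {isns}")
        print("ack 396204883 resolves to", resolve_relative_ack(396204883, isns))
        print("RSTs continue ISN", rst_owner(pkts, isns))
```

On this capture, 396204883 is 2634350593 displayed relative to 2238145710, so the client was still acknowledging the first, option-less SYN-ACK, and both resets from port 80 continue that same sequence space.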

Re: Help with strange web server problem

2006-02-13 Thread Gerard Seibert
Jerry Bell wrote:

 I didn't want to spam the link out, but it's www.musiclodge.com.  I will
 gather the capture data from working and non working sessions and send it
 out.
 
 Thanks!
 
  On Feb 13, 2006, at 7:58 AM, Jerry Bell wrote:
  It's hit or miss, but the first time someone visits the web site, they get
  a server not found page.  On hitting refresh, they get the page - no
  problems.  If I wait a while and try again, I get the same problem.
 
  Path MTU problem?
 
  The problem appears to be something in the initial communication with the
  web server.  Using tcpdump, I can see that the PC connects to the web
  server and sends the GET request, but the server closes the connection
  abruptly.  Comparing that flow to a normal session, I see that there are
  some extra packets between the initial SYN and the sending of the GET
  phrase that do not exist during a successful session.
 
  The details would help.  :-)  Or you could tell us what the server is
  so we could try hitting it ourselves...
 
  --
  -Chuck

I just tried visiting the site five times in the past few minutes
without incident. That probably does not help you very much though. I
am using FF, the latest version if that means anything.

-- 
Gerard
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
Charles - thank you for your excellent investigation!  I'm pretty sure 
that my colo provider isn't running a firewall (I've asked them not to, 
anyhow).  I am running IPFW on that box, with the standard allow tcp 
from any to any established followed by the allow tcp any to my_ip 80 
setup.  I've done that on other servers without it being a problem like 
this.  I'm going to have the colo double check for router ACLs or 
something like that in the morning.

Since this is such an intermittent problem, I can't yet say that it's 
fixed, but I ran with the disks being idled theory and wrote a small 
script that creates a file and deletes a file every minute, and since 
that's been running, I've not seen the issue repeat - but then this is 
not a very repeatable problem.


Thanks again for your great assistance.

Jerry



Re: Help with strange web server problem

2006-02-13 Thread Jerry Bell
Looks like it's still an issue, so I'd say the firewall issue is still 
in play.  If there is not a firewall/proxy in place, are there any known 
issues with IPFW (or anything else with FBSD) that could cause this 
behavior?



Re: Help with strange web server problem

2006-02-13 Thread Norberto Meijome
Jerry Bell wrote:
 Looks like it's still an issue, so I'd say the firewall issue is still
 in play.  If there is not a firewall/proxy in place, are there any
 known issues with IPFW (or anything else with FBSD) that could cause
 this behavior?
Hi Jerry - hard to tell without seeing your firewall rules in place...

any errors in httpd-error.log ?

Beto