Tom Eastep wrote: > Jon wrote: >> Tom Eastep wrote: >>> What I suggest that you try is: >>> >>> a) On the firewall system, "tcpdump -nvvi eth0 host 61.184.172.35 and >>> port 25". >>> >>> b) From 61.184.172.35, "telnet 137.186.135.69 25". >>> >>> Are you seeing response packets? Do they have the correct checksum >>> (tcpdump >>> will complain if they don't). Do they have the correct Source IP >>> (137.186.135.69)? >> Looks like, but as we've already established I'm not an expert. >> >> 13:17:34.572203 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto: >> TCP (6), length: 60) 137.186.135.69.25 > 161.184.172.35.58597: S, cksum >> 0x7414 (correct), 702401703:702401703(0) ack 2900661819 win 5792 <mss >> 1460,sackOK,timestamp 2690993 18165458,nop,wscale 2> >> 13:17:35.985329 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto: >> TCP (6), length: 60) 137.186.135.69.25 > 161.184.172.35.58597: S, cksum >> 0x72ae (correct), 702401703:702401703(0) ack 2900661819 win 5792 <mss >> 1460,sackOK,timestamp 2691351 18165458,nop,wscale 2> > > Those are duplicate packets (only the checksum and window size are > different and there is no intervening packet in the other direction) > which suggests that the recipient (161.184.172.35) isn't getting them. > Looks like it's time to get a packet trace on 161.184.172.3
Note that those are the SYN,ACK packets that are returned by the server in response to the client's initial SYN. And it isn't the advertised window that changed -- it's the timestamp; sorry for the confusion. You can tell that they are SYN,ACK by the "S," before the 'cksum and the fact that they 'ack' sequence 2900661819. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
