On Mon, 21 Dec 2009 09:05:08 +0530 ericdes <[email protected]> wrote:
> Hi Tom, > > Thank you for looking into this. This is what tcpdump outputs when I > launch a http request: > > 04:20:08.292735 IP es01.tela-web.com.35200 > > ks309069.kimsufi.com.www: S 3758580123:3758580123(0) win 5840 <mss > 1460,sackOK,timestamp 40378785 0,nop,wscale 5> > 04:20:08.293384 IP ks309069.kimsufi.com > es01.tela-web.com: ICMP > host ks309069.kimsufi.com unreachable - admin prohibited, length 68 > Hint: ALWAYS USE THE -n OPTION WITH TCPDUMP. If you truly captured this from the bridge, then it means that the system in the DMZ is rejecting port 80 with an 'admin prohibited' ICMP. Shorewall rejects TCP connections with an RST so it is not Shorewall that is generating that response. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
