Re: [Shorewall-users] Slow DNAT/SNAT

Robin Helgelin Tue, 03 Feb 2015 11:27:03 -0800

On 31 jan 2015, at 17:58, Tom Eastep <[email protected]> wrote:
> As the next experiment, please capture the session on both the IMAP
> server and on the firewall's external interface. That way, we can
> compare what the two boxes are seeing. After the test, please also
> capture the output of 'shorewall show connections’.


Ok, here are three files, firewall.txt which is logged on the firewall, 
mail-server.txt from the mail server, and connections that shows the output of 
the connections command.

The log is from a inbox-refresh using my iPhone.

tcp      6 431979 ESTABLISHED src=homeip dst=publicip sport=51402 dport=143 
packets=31 bytes=4706 src=192.168.60.2 dst=homeip sport=143 dport=51402 
packets=24 bytes=7147 [ASSURED] mark=0 secmark=0 use=1
udp      17 22 src=192.168.60.2 dst=8.8.8.8 sport=42558 dport=53 packets=1 
bytes=79 src=8.8.8.8 dst=publicip sport=53 dport=42558 packets=1 bytes=95 
mark=0 secmark=0 use=1
udp      17 27 src=publicip dst=8.8.8.8 sport=49917 dport=53 packets=1 bytes=79 
src=8.8.8.8 dst=publicip sport=53 dport=49917 packets=1 bytes=95 mark=0 
secmark=0 use=1
tcp      6 431979 ESTABLISHED src=homeip dst=publicip sport=51356 dport=143 
packets=122 bytes=9498 src=192.168.60.2 dst=homeip sport=143 dport=51356 
packets=99 bytes=107397 [ASSURED] mark=0 secmark=0 use=1
tcp      6 30 TIME_WAIT src=homeip dst=publicip sport=51294 dport=1022 
packets=264 bytes=17857 src=192.168.60.1 dst=homeip sport=22 dport=51294 
packets=182 bytes=40248 [ASSURED] mark=0 secmark=0 use=1
udp      17 26 src=publicip dst=8.8.8.8 sport=45414 dport=53 packets=1 bytes=79 
src=8.8.8.8 dst=publicip sport=53 dport=45414 packets=1 bytes=95 mark=0 
secmark=0 use=1
udp      17 26 src=publicip dst=8.8.8.8 sport=40165 dport=53 packets=1 bytes=72 
src=8.8.8.8 dst=publicip sport=53 dport=40165 packets=1 bytes=119 mark=0 
secmark=0 use=1
tcp      6 430979 ESTABLISHED src=192.168.60.2 dst=homeip sport=22 dport=51036 
packets=4 bytes=6000 [UNREPLIED] src=homeip dst=publicip sport=51036 dport=22 
packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 431653 ESTABLISHED src=homeip dst=publicip sport=63041 dport=993 
packets=28 bytes=2633 src=192.168.60.2 dst=homeip sport=993 dport=63041 
packets=18 bytes=5466 [ASSURED] mark=0 secmark=0 use=1
udp      17 27 src=publicip dst=8.8.8.8 sport=53868 dport=53 packets=1 bytes=79 
src=8.8.8.8 dst=publicip sport=53 dport=53868 packets=1 bytes=95 mark=0 
secmark=0 use=1
udp      17 177 src=publicip dst=8.8.8.8 sport=60060 dport=53 packets=2 
bytes=158 src=8.8.8.8 dst=publicip sport=53 dport=60060 packets=2 bytes=190 
[ASSURED] mark=0 secmark=0 use=1
tcp      6 430324 ESTABLISHED src=192.168.60.2 dst=homeip sport=22 dport=50913 
packets=2 bytes=176 [UNREPLIED] src=homeip dst=publicip sport=50913 dport=22 
packets=0 bytes=0 mark=0 secmark=0 use=1
udp      17 22 src=192.168.60.2 dst=8.8.8.8 sport=39475 dport=53 packets=1 
bytes=79 src=8.8.8.8 dst=publicip sport=53 dport=39475 packets=1 bytes=95 
mark=0 secmark=0 use=1
udp      17 27 src=publicip dst=8.8.8.8 sport=44445 dport=53 packets=1 bytes=79 
src=8.8.8.8 dst=publicip sport=53 dport=44445 packets=1 bytes=95 mark=0 
secmark=0 use=1
tcp      6 431980 ESTABLISHED src=homeip dst=publicip sport=51360 dport=143 
packets=59 bytes=6996 src=192.168.60.2 dst=homeip sport=143 dport=51360 
packets=39 bytes=11411 [ASSURED] mark=0 secmark=0 use=1
tcp      6 431999 ESTABLISHED src=homeip dst=publicip sport=51410 dport=1022 
packets=42 bytes=5441 src=192.168.60.1 dst=homeip sport=22 dport=51410 
packets=33 bytes=4448 [ASSURED] mark=0 secmark=0 use=1
tcp      6 70 SYN_SENT src=192.168.60.2 dst=23.88.2.166 sport=53515 dport=25 
packets=4 bytes=240 [UNREPLIED] src=23.88.2.166 dst=publicip sport=25 
dport=53515 packets=0 bytes=0 mark=0 secmark=0 use=1
tcp      6 430733 ESTABLISHED src=homeip dst=publicip sport=50895 dport=1022 
packets=1129 bytes=71609 src=192.168.60.1 dst=homeip sport=22 dport=50895 
packets=652 bytes=93960 [ASSURED] mark=0 secmark=0 use=1
tcp      6 112 TIME_WAIT src=homeip dst=publicip sport=51296 dport=2022 
packets=257 bytes=17513 src=192.168.60.2 dst=homeip sport=22 dport=51296 
packets=176 bytes=37204 [ASSURED] mark=0 secmark=0 use=1
udp      17 27 src=publicip dst=8.8.8.8 sport=52882 dport=53 packets=1 bytes=79 
src=8.8.8.8 dst=publicip sport=53 dport=52882 packets=1 bytes=95 mark=0 
secmark=0 use=1

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:04:03.519762 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl  56, id 9621, 
offset 0, flags [DF], proto: TCP (6), length: 52) homeip.63041 > 
publicip.imaps: S, cksum 0x67c9 (correct), 931010914:931010914(0) win 65535 
<mss 1460,wscale 6,sackOK,eol>
20:04:03.521153 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl  63, id 0, offset 
0, flags [DF], proto: TCP (6), length: 52) publicip.imaps > homeip.63041: S, 
cksum 0xa1c2 (correct), 3244093379:3244093379(0) ack 931010915 win 5840 <mss 
1460,nop,nop,sackOK,nop,wscale 6>
20:04:03.539209 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 56846, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xd963 (correct), ack 1 win 8192
20:04:03.543821 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 254: (tos 0x0, ttl  56, id 25696, 
offset 0, flags [DF], proto: TCP (6), length: 240) homeip.63041 > 
publicip.imaps: P 1:201(200) ack 1 win 8192
20:04:03.544525 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  63, id 18823, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.imaps > 
homeip.63041: ., cksum 0xf82f (correct), ack 201 win 108
20:04:03.656712 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl  63, id 18824, 
offset 0, flags [DF], proto: TCP (6), length: 1500) publicip.imaps > 
homeip.63041: . 1:1461(1460) ack 201 win 108
20:04:03.656747 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 1047: (tos 0x0, ttl  63, id 18825, 
offset 0, flags [DF], proto: TCP (6), length: 1033) publicip.imaps > 
homeip.63041: P 1461:2454(993) ack 201 win 108
20:04:03.677325 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 5277, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xcf53 (correct), ack 2454 win 8115
20:04:03.721091 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 193: (tos 0x0, ttl  56, id 28302, 
offset 0, flags [DF], proto: TCP (6), length: 179) homeip.63041 > 
publicip.imaps: P 201:340(139) ack 2454 win 8192
20:04:03.721436 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  63, id 18826, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.imaps > 
homeip.63041: ., cksum 0xedfe (correct), ack 340 win 125
20:04:03.737084 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 113: (tos 0x0, ttl  56, id 54476, 
offset 0, flags [DF], proto: TCP (6), length: 99) homeip.63041 > 
publicip.imaps: P 340:399(59) ack 2454 win 8192
20:04:03.737374 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  63, id 18827, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.imaps > 
homeip.63041: ., cksum 0xedc3 (correct), ack 399 win 125
20:04:03.738019 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 113: (tos 0x0, ttl  63, id 18828, 
offset 0, flags [DF], proto: TCP (6), length: 99) publicip.imaps > 
homeip.63041: P 2454:2513(59) ack 399 win 125
20:04:03.755312 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 41531, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xce07 (correct), ack 2513 win 8190
20:04:03.755669 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  63, id 18829, 
offset 0, flags [DF], proto: TCP (6), length: 226) publicip.imaps > 
homeip.63041: P 2513:2699(186) ack 399 win 125
20:04:03.775396 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 26360, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xcd51 (correct), ack 2699 win 8186
20:04:03.779058 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 123: (tos 0x0, ttl  56, id 10515, 
offset 0, flags [DF], proto: TCP (6), length: 109) homeip.63041 > 
publicip.imaps: P 399:468(69) ack 2699 win 8192
20:04:03.809734 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 480: (tos 0x0, ttl  63, id 18830, 
offset 0, flags [DF], proto: TCP (6), length: 466) publicip.imaps > 
homeip.63041: P 2699:3125(426) ack 468 win 125
20:04:03.841634 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 11490, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xcb6a (correct), ack 3125 win 8178
20:04:03.860210 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 208: (tos 0x0, ttl  56, id 15830, 
offset 0, flags [DF], proto: TCP (6), length: 194) homeip.63041 > 
publicip.imaps: P 468:622(154) ack 3125 win 8192
20:04:03.877467 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  63, id 18831, 
offset 0, flags [DF], proto: TCP (6), length: 162) publicip.imaps > 
homeip.63041: P 3125:3247(122) ack 622 win 142
20:04:03.895023 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 46184, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xca4c (correct), ack 3247 win 8188
20:04:03.897437 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 128: (tos 0x0, ttl  56, id 16278, 
offset 0, flags [DF], proto: TCP (6), length: 114) homeip.63041 > 
publicip.imaps: P 622:696(74) ack 3247 win 8192
20:04:03.898026 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 144: (tos 0x0, ttl  63, id 18832, 
offset 0, flags [DF], proto: TCP (6), length: 130) publicip.imaps > 
homeip.63041: P 3247:3337(90) ack 696 win 142
20:04:03.915644 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 20664, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc9a7 (correct), ack 3337 win 8189
20:04:03.919597 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 144: (tos 0x0, ttl  56, id 9655, 
offset 0, flags [DF], proto: TCP (6), length: 130) homeip.63041 > 
publicip.imaps: P 696:786(90) ack 3337 win 8192
20:04:03.921849 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 544: (tos 0x0, ttl  63, id 18833, 
offset 0, flags [DF], proto: TCP (6), length: 530) publicip.imaps > 
homeip.63041: P 3337:3827(490) ack 786 win 142
20:04:03.941338 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  56, id 18914, 
offset 0, flags [DF], proto: TCP (6), length: 162) homeip.63041 > 
publicip.imaps: P 786:908(122) ack 3827 win 8192
20:04:03.941341 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 35904, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc770 (correct), ack 3827 win 8176
20:04:03.943255 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  63, id 18834, 
offset 0, flags [DF], proto: TCP (6), length: 178) publicip.imaps > 
homeip.63041: P 3827:3965(138) ack 908 win 142
20:04:03.956589 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 19096, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc661 (correct), ack 3965 win 8187
20:04:03.959309 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  56, id 44073, 
offset 0, flags [DF], proto: TCP (6), length: 146) homeip.63041 > 
publicip.imaps: P 908:1014(106) ack 3965 win 8192
20:04:03.960390 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  63, id 18835, 
offset 0, flags [DF], proto: TCP (6), length: 226) publicip.imaps > 
homeip.63041: P 3965:4151(186) ack 1014 win 142
20:04:03.973067 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 20243, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc53e (correct), ack 4151 win 8186
20:04:03.977447 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  56, id 59756, 
offset 0, flags [DF], proto: TCP (6), length: 146) homeip.63041 > 
publicip.imaps: P 1014:1120(106) ack 4151 win 8192
20:04:03.978670 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  63, id 18836, 
offset 0, flags [DF], proto: TCP (6), length: 226) publicip.imaps > 
homeip.63041: P 4151:4337(186) ack 1120 win 142
20:04:03.991857 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 63775, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc41a (correct), ack 4337 win 8186
20:04:03.999374 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 208: (tos 0x0, ttl  56, id 50234, 
offset 0, flags [DF], proto: TCP (6), length: 194) homeip.63041 > 
publicip.imaps: P 1120:1274(154) ack 4337 win 8192
20:04:04.000836 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  63, id 18837, 
offset 0, flags [DF], proto: TCP (6), length: 162) publicip.imaps > 
homeip.63041: P 4337:4459(122) ack 1274 win 159
20:04:04.014997 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 6833, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc304 (correct), ack 4459 win 8188
20:04:04.019449 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  56, id 35910, 
offset 0, flags [DF], proto: TCP (6), length: 162) homeip.63041 > 
publicip.imaps: P 1274:1396(122) ack 4459 win 8192
20:04:04.020975 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  63, id 18838, 
offset 0, flags [DF], proto: TCP (6), length: 178) publicip.imaps > 
homeip.63041: P 4459:4597(138) ack 1396 win 159
20:04:04.034990 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 59346, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc201 (correct), ack 4597 win 8187
20:04:04.510940 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  56, id 64569, 
offset 0, flags [DF], proto: TCP (6), length: 146) homeip.63041 > 
publicip.imaps: P 1396:1502(106) ack 4597 win 8192
20:04:04.511941 00:0c:29:f9:a5:20 (oui Unknown) > 00:09:0f:09:59:06 (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  63, id 18839, 
offset 0, flags [DF], proto: TCP (6), length: 178) publicip.imaps > 
homeip.63041: P 4597:4735(138) ack 1502 win 159
20:04:04.524247 00:09:0f:09:59:06 (oui Unknown) > 00:0c:29:f9:a5:20 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  56, id 2139, 
offset 0, flags [DF], proto: TCP (6), length: 40) homeip.63041 > 
publicip.imaps: ., cksum 0xc10d (correct), ack 4735 win 8187

46 packets captured
47 packets received by filter
0 packets dropped by kernel

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:04:03.520949 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl  55, id 9621, 
offset 0, flags [DF], proto: TCP (6), length: 52) publicip.63041 > 
192.168.60.2.imaps: S, cksum 0x8386 (correct), 931010914:931010914(0) win 65535 
<mss 1460,wscale 6,sackOK,eol>
20:04:03.542780 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl  64, id 0, offset 
0, flags [DF], proto: TCP (6), length: 52) 192.168.60.2.imaps > publicip.63041: 
S, cksum 0xbd7f (correct), 3244093379:3244093379(0) ack 931010915 win 5840 <mss 
1460,nop,nop,sackOK,nop,wscale 6>
20:04:03.539297 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 56846, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xf520 (correct), ack 1 win 8192
20:04:03.543923 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 254: (tos 0x0, ttl  55, id 25696, 
offset 0, flags [DF], proto: TCP (6), length: 240) publicip.63041 > 
192.168.60.2.imaps: P 1:201(200) ack 1 win 8192
20:04:03.543946 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  64, id 18823, 
offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.60.2.imaps > 
publicip.63041: ., cksum 0x13ed (correct), ack 201 win 108
20:04:03.654610 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl  64, id 18824, 
offset 0, flags [DF], proto: TCP (6), length: 1500) 192.168.60.2.imaps > 
publicip.63041: . 1:1461(1460) ack 201 win 108
20:04:03.654702 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 1047: (tos 0x0, ttl  64, id 18825, 
offset 0, flags [DF], proto: TCP (6), length: 1033) 192.168.60.2.imaps > 
publicip.63041: P 1461:2454(993) ack 201 win 108
20:04:03.677458 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 5277, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xeb10 (correct), ack 2454 win 8115
20:04:03.721220 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 193: (tos 0x0, ttl  55, id 28302, 
offset 0, flags [DF], proto: TCP (6), length: 179) publicip.63041 > 
192.168.60.2.imaps: P 201:340(139) ack 2454 win 8192
20:04:03.721301 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  64, id 18826, 
offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.60.2.imaps > 
publicip.63041: ., cksum 0x09bc (correct), ack 340 win 125
20:04:03.737187 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 113: (tos 0x0, ttl  55, id 54476, 
offset 0, flags [DF], proto: TCP (6), length: 99) publicip.63041 > 
192.168.60.2.imaps: P 340:399(59) ack 2454 win 8192
20:04:03.737254 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl  64, id 18827, 
offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.60.2.imaps > 
publicip.63041: ., cksum 0x0981 (correct), ack 399 win 125
20:04:03.737913 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 113: (tos 0x0, ttl  64, id 18828, 
offset 0, flags [DF], proto: TCP (6), length: 99) 192.168.60.2.imaps > 
publicip.63041: P 2454:2513(59) ack 399 win 125
20:04:03.755431 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 41531, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe9c4 (correct), ack 2513 win 8190
20:04:03.755544 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  64, id 18829, 
offset 0, flags [DF], proto: TCP (6), length: 226) 192.168.60.2.imaps > 
publicip.63041: P 2513:2699(186) ack 399 win 125
20:04:03.775901 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 26360, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe90e (correct), ack 2699 win 8186
20:04:03.779095 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 123: (tos 0x0, ttl  55, id 10515, 
offset 0, flags [DF], proto: TCP (6), length: 109) publicip.63041 > 
192.168.60.2.imaps: P 399:468(69) ack 2699 win 8192
20:04:03.809533 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 480: (tos 0x0, ttl  64, id 18830, 
offset 0, flags [DF], proto: TCP (6), length: 466) 192.168.60.2.imaps > 
publicip.63041: P 2699:3125(426) ack 468 win 125
20:04:03.841733 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 11490, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe727 (correct), ack 3125 win 8178
20:04:03.860363 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 208: (tos 0x0, ttl  55, id 15830, 
offset 0, flags [DF], proto: TCP (6), length: 194) publicip.63041 > 
192.168.60.2.imaps: P 468:622(154) ack 3125 win 8192
20:04:03.877216 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  64, id 18831, 
offset 0, flags [DF], proto: TCP (6), length: 162) 192.168.60.2.imaps > 
publicip.63041: P 3125:3247(122) ack 622 win 142
20:04:03.895096 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 46184, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe609 (correct), ack 3247 win 8188
20:04:03.897467 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 128: (tos 0x0, ttl  55, id 16278, 
offset 0, flags [DF], proto: TCP (6), length: 114) publicip.63041 > 
192.168.60.2.imaps: P 622:696(74) ack 3247 win 8192
20:04:03.897904 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 144: (tos 0x0, ttl  64, id 18832, 
offset 0, flags [DF], proto: TCP (6), length: 130) 192.168.60.2.imaps > 
publicip.63041: P 3247:3337(90) ack 696 win 142
20:04:03.915752 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 20664, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe564 (correct), ack 3337 win 8189
20:04:03.919653 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 144: (tos 0x0, ttl  55, id 9655, 
offset 0, flags [DF], proto: TCP (6), length: 130) publicip.63041 > 
192.168.60.2.imaps: P 696:786(90) ack 3337 win 8192
20:04:03.921717 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 544: (tos 0x0, ttl  64, id 18833, 
offset 0, flags [DF], proto: TCP (6), length: 530) 192.168.60.2.imaps > 
publicip.63041: P 3337:3827(490) ack 786 win 142
20:04:03.941420 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  55, id 18914, 
offset 0, flags [DF], proto: TCP (6), length: 162) publicip.63041 > 
192.168.60.2.imaps: P 786:908(122) ack 3827 win 8192
20:04:03.941436 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 35904, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe32d (correct), ack 3827 win 8176
20:04:03.943110 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  64, id 18834, 
offset 0, flags [DF], proto: TCP (6), length: 178) 192.168.60.2.imaps > 
publicip.63041: P 3827:3965(138) ack 908 win 142
20:04:03.956616 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 19096, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe21e (correct), ack 3965 win 8187
20:04:03.959358 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  55, id 44073, 
offset 0, flags [DF], proto: TCP (6), length: 146) publicip.63041 > 
192.168.60.2.imaps: P 908:1014(106) ack 3965 win 8192
20:04:03.960256 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  64, id 18835, 
offset 0, flags [DF], proto: TCP (6), length: 226) 192.168.60.2.imaps > 
publicip.63041: P 3965:4151(186) ack 1014 win 142
20:04:03.973073 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 20243, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xe0fb (correct), ack 4151 win 8186
20:04:03.977611 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  55, id 59756, 
offset 0, flags [DF], proto: TCP (6), length: 146) publicip.63041 > 
192.168.60.2.imaps: P 1014:1120(106) ack 4151 win 8192
20:04:03.978549 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 240: (tos 0x0, ttl  64, id 18836, 
offset 0, flags [DF], proto: TCP (6), length: 226) 192.168.60.2.imaps > 
publicip.63041: P 4151:4337(186) ack 1120 win 142
20:04:03.991862 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 63775, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xdfd7 (correct), ack 4337 win 8186
20:04:03.999562 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 208: (tos 0x0, ttl  55, id 50234, 
offset 0, flags [DF], proto: TCP (6), length: 194) publicip.63041 > 
192.168.60.2.imaps: P 1120:1274(154) ack 4337 win 8192
20:04:04.000734 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  64, id 18837, 
offset 0, flags [DF], proto: TCP (6), length: 162) 192.168.60.2.imaps > 
publicip.63041: P 4337:4459(122) ack 1274 win 159
20:04:04.015227 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 6833, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xdec1 (correct), ack 4459 win 8188
20:04:04.019606 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 176: (tos 0x0, ttl  55, id 35910, 
offset 0, flags [DF], proto: TCP (6), length: 162) publicip.63041 > 
192.168.60.2.imaps: P 1274:1396(122) ack 4459 win 8192
20:04:04.020585 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  64, id 18838, 
offset 0, flags [DF], proto: TCP (6), length: 178) 192.168.60.2.imaps > 
publicip.63041: P 4459:4597(138) ack 1396 win 159
20:04:04.035013 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 59346, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xddbe (correct), ack 4597 win 8187
20:04:04.511002 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 160: (tos 0x0, ttl  55, id 64569, 
offset 0, flags [DF], proto: TCP (6), length: 146) publicip.63041 > 
192.168.60.2.imaps: P 1396:1502(106) ack 4597 win 8192
20:04:04.511842 00:0c:29:89:8b:50 (oui Unknown) > 00:0c:29:f9:a5:2a (oui 
Unknown), ethertype IPv4 (0x0800), length 192: (tos 0x0, ttl  64, id 18839, 
offset 0, flags [DF], proto: TCP (6), length: 178) 192.168.60.2.imaps > 
publicip.63041: P 4597:4735(138) ack 1502 win 159
20:04:04.524556 00:0c:29:f9:a5:2a (oui Unknown) > 00:0c:29:89:8b:50 (oui 
Unknown), ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl  55, id 2139, 
offset 0, flags [DF], proto: TCP (6), length: 40) publicip.63041 > 
192.168.60.2.imaps: ., cksum 0xdcca (correct), ack 4735 win 8187

46 packets captured
47 packets received by filter
0 packets dropped by kernel


regards,
Robin

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] Slow DNAT/SNAT

Reply via email to