No, there are not any drops in the logs.
-Phil G
On Oct 2, 2008, at 1:02 AM, "Chris Buechler" <[EMAIL PROTECTED]>
wrote:
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet).
you can
see my request to subaru.com and then the reply comes to the
firewall but
never get's passed to my computer. what's weird is the reset.
23:30:04.664256 IP UNIXBOX.gnet.49796 > subaru.com.http: S
1787975612:1787975612(0) win 65535 <mss 1460,nop,wscale
0,nop,nop,timestamp
2090781090 0,sackOK,eol>
23:30:04.710299 IP subaru.com.http > UNIXBOX.gnet.49796: S
2731372884:2731372884(0) ack 1787975613 win 4380 <mss 1460,nop,wscale
0,nop,nop,timestamp 311872670 2090781090,sackOK,eol>
There's your missing SYN ACK. (Bill was right btw, I overlooked the
fact that there's no way this could be frame size related given you
weren't getting the SYN ACK which will be small)
Seeing drops in your firewall logs?
23:30:05.321055 IP 12.120.5.14.http > UNIXBOX.gnet.49740: R
2533320030:2533320030(0) ack 10685623 win 0
This is part of a different connection, without more context it's hard
to say for sure what that is, but RST ACK should be a response to a
SYN saying "port closed". Of course that port isn't really closed, so
it makes me wonder if there's some TCP related bug or configuration
issue on one or both ends making it reject the connection.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
