Re: Strange behaviour with a TCP connection

Well, the way to find the problem is to look at the packets on both
sides of the firewall and see what is wrong/different with the ones that
elicit the RST.  Also, is the RST coming from the target through the
firewall or from the firewall itself?

I suggest ethereal.  You might be able to solve the problem by running
it on the firewall machine, but it may require running it on a separate
machine (I keep some old ethernet hubs around for that purpose).

On Wed, 2003-10-01 at 09:48, Andrés Roldán wrote:
> Lawrence MacIntyre <lpz@ornl.gov> writes:
> 
> > Is the firewall a LinkSys box?  I've seen several strange behaviours
> > that I didn't have time to track down where one machine would work and
> > another would not.  The latest firmware upgrade from Linksys fixed it.
> 
> Unfortunately, the firewall is still a Debian GNU/Linux 2.4.22 machine.
> This makes the problem much more interesting :)
> 
> 
> > On Wed, 2003-10-01 at 09:25, Andrés Roldán wrote:
> >> Hi.
> >> 
> >> I have the following problem:
> >> 
> >> I have two machines being natted through a firewall. Both machines
> >> are translated to the same public IP. The two machines have not
> >> any filtering/natting/mangling rules. One machine has kernel 2.4.22
> >> and the other has 2.4.21. When the 2.4.21 machine tries to make a 
> >> connection to a certain IP address to the port 443 (https), a 
> >> RESET is sent immediately from the target (yes, the connection is natted). 
> >> When the other machine (kernel 2.4.22) tries to make the same connection 
> >> to the same target, the connection is successfully done. If the
> >> machine with kernel 2.4.21 boots off 2.4.22, the problem is solved.
> >> 
> >> By the way, the firewall has not any filtering rules for those machines.
> >> 
> >> Does anyone know what could be the problem?
> >> 
> >> Thanks in advance.
> > -- 
> >     Lawrence MacIntyre     865.574.8696     lpz@ornl.gov
> >                Oak Ridge National Laboratory
> > High Performance Information Infrastructure Technology Group
> >
-- 
    Lawrence MacIntyre     865.574.8696     lpz@ornl.gov
               Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group

Attachment: signature.asc
Description: This is a digitally signed message part
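
The comparison suggested in the reply above, as an added example that is not part of the original message or thread: Python code that parses two raw IPv4/TCP SYN packets and reports only the header fields and TCP options that differ. The two packets, their addresses and the differing window-scale value are constructed sample data, and `parse_syn` and `diff_syn` are names chosen here.

```python
import struct

def parse_syn(raw: bytes) -> dict:
    """Return the IPv4/TCP header fields and TCP options worth comparing."""
    if raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4 packet carrying TCP")
    ihl = (raw[0] & 0x0F) * 4
    tcp = raw[ihl:]
    _sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    doff = (off_flags >> 12) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("truncated TCP header")
    fields = {
        "src": ".".join(str(b) for b in raw[12:16]),
        "tos": raw[1],
        "ttl": raw[8],
        "dport": dport,
        "flags": off_flags & 0x0FFF,   # reserved bits plus NS/CWR/ECE/.../SYN/FIN
        "window": window,
    }
    opts, i = tcp[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        fields[f"opt{kind}"] = opts[i + 2:i + length].hex()
        i += length
    return fields

def diff_syn(a: bytes, b: bytes) -> dict:
    """Map each differing field to its (a, b) values; absent options are None."""
    fa, fb = parse_syn(a), parse_syn(b)
    return {k: (fa.get(k), fb.get(k)) for k in fa.keys() | fb.keys() if fa.get(k) != fb.get(k)}

# Constructed sample SYNs to port 443 (checksums zeroed); not captured from the thread.
_IP = "4500003c0001400040060000c0a801%sc6336407"
_TCP = "800001bb0000000100000000a00216d000000000020405b40402080a000000010000000001%s"
SYN_A = bytes.fromhex(_IP % "0a" + _TCP % "030300")   # 192.168.1.10, window scale 0
SYN_B = bytes.fromhex(_IP % "0b" + _TCP % "030302")   # 192.168.1.11, window scale 2

if __name__ == "__main__":
    for field, (va, vb) in sorted(diff_syn(SYN_A, SYN_B).items()):
        print(f"{field}: {va} != {vb}")
```

In real captures the timestamp option value (`opt8`) normally differs between any two packets and can be ignored when reading the result.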

