The situation is as follows:
I have two machines (A-holds a program that is a TCP client, B-TCP server).
A contains an SNAT & DNAT that alter the ip-addresses of the outgoing sessions.
Now (in chronological order):
A opens a session (sends a SYN, recieves SYN ACK).
A sends some data (and recieves acks).
A closes the connection: (Sends a FIN)
B sends an ACK to the FIN (that contains data(!)).
A sends a RST to B (because data was recieved in the FINACK(?)), but at this point the NAT sends it with altered IP addresses - as though the session has already ended and the reset packet belongs to a new session. This packet also has bad chksum.
B tries to send FIN packets (with the correct IP addresses), but recieves no acknowledgements to them; Thus leaving the session stuck on the server in the mode LAST_ACK.
The NAT configuration and a plot of tethereal is attached.
Regards, Yoav.
Compiled by tethereal, based on tcpdump:
1 0.000000 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=5140710 TSER=0 WS=0
2 0.001437 2.7.88.255 -> 3.6.104.154 TCP 20000 > 20000 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=5109167 TSER=5140710 WS=0
3 0.001477 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=5140712 TSER=5109167
4 0.001551 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [ACK] Seq=1 Ack=1 Win=5840 Len=1448 TSV=5140712 TSER=5109167
5 0.001575 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [ACK] Seq=1449 Ack=1 Win=5840 Len=1448 TSV=5140712 TSER=5109167
6 0.010284 2.7.88.255 -> 3.6.104.154 TCP 20000 > 20000 [ACK] Seq=1 Ack=1449 Win=8688 Len=0 TSV=5109175 TSER=5140712
7 0.010307 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [PSH, ACK] Seq=2897 Ack=1 Win=5840 Len=1448 TSV=5140721 TSER=5109175
8 0.010318 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [PSH, ACK] Seq=4345 Ack=1 Win=5840 Len=658 TSV=5140721 TSER=5109175
9 0.022450 2.7.88.255 -> 3.6.104.154 TCP [TCP Dup ACK 6#1] [TCP Previous segment lost] 20000 > 20000 [ACK] Seq=7 Ack=1449 Win=8688 Len=0 TSV=5109188 TSER=5140712 SLE=1709622117 SRE=1709623565
10 0.024704 2.7.88.255 -> 3.6.104.154 TCP [TCP Dup ACK 6#2] 20000 > 20000 [ACK] Seq=7 Ack=1449 Win=8688 Len=0 TSV=5109190 TSER=5140712 SLE=1709622117 SRE=1709624223
11 0.213172 3.6.104.154 -> 2.7.88.255 TCP [TCP Retransmission] 20000 > 20000 [ACK] Seq=1449 Ack=1 Win=5840 Len=1448 TSV=5140923 TSER=5109175
12 0.215916 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [PSH, ACK] Seq=1 Ack=1449 Win=8688 Len=6 TSV=5109381 TSER=5140712 SLE=1709622117 SRE=1709624223
13 0.215940 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [ACK] Seq=5003 Ack=7 Win=5840 Len=0 TSV=5140926 TSER=5109381
14 0.216025 3.6.104.154 -> 2.7.88.255 TCP 20000 > 20000 [FIN, ACK] Seq=5003 Ack=7 Win=5840 Len=0 TSV=5140926 TSER=5109381
15 0.221815 2.7.88.255 -> 3.6.104.154 TCP 20000 > 20000 [ACK] Seq=7 Ack=5003 Win=11584 Len=0 TSV=5109387 TSER=5140923
16 0.222140 2.7.88.255 -> 3.6.104.154 TCP 20000 > 20000 [PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=6 TSV=5109387 TSER=5140926
17 0.222211 3.6.104.232 -> 2.7.89.77 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
18 0.222468 2.7.88.255 -> 3.6.104.154 TCP 20000 > 20000 [FIN, PSH, ACK] Seq=13 Ack=5004 Win=11584 Len=6 TSV=5109387 TSER=5140926
19 0.222494 3.6.104.234 -> 2.7.89.79 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
20 0.422856 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5109588 TSER=5140926
21 0.422887 3.6.104.236 -> 2.7.89.81 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
22 0.824776 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5109990 TSER=5140926
23 0.824837 3.6.104.238 -> 2.7.89.83 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
24 1.628616 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5110794 TSER=5140926
25 1.628643 3.6.104.240 -> 2.7.89.85 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
26 3.236299 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5112402 TSER=5140926
27 3.236341 3.6.104.242 -> 2.7.89.87 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
28 6.451663 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5115618 TSER=5140926
29 6.451699 3.6.104.244 -> 2.7.89.89 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
30 12.883417 2.7.88.255 -> 3.6.104.154 TCP [TCP Retransmission] 20000 > 20000 [FIN, PSH, ACK] Seq=7 Ack=5004 Win=11584 Len=12 TSV=5122050 TSER=5140926
31 12.883461 3.6.104.246 -> 2.7.89.91 TCP 20000 > 20000 [RST] Seq=0 Ack=0 Win=0 [CHECKSUM INCORRECT] Len=0
The NAT's configuration is: Chain PREROUTING (policy ACCEPT) target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT tcp -- anywhere anywhere tcp spts:20000:29999 to:3.2.46.172-3.19.11.33:20000-30000
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp spts:20000:29999 to:2.3.31.18-2.12.21.34:11111-22222
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963