Re: Send SYN ACK from server ?

Hello,

   Why does disabling TCP window tracking resolve this issue ?

The firewall is CentOS 4 - kernel Linux fw1-calgary.int.pason.com 2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11
iptables 1.2.11

# echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal


Michael

Michael Gale wrote:

Hello,

I am seeing a problem where when a Linux box from behind a Linux firewall connects to an external server, the external server is sending a second SYN,ACK message:

-> SYN sent
<- SYN,ACK received -- WINDOWS SIZE SET TO 0 ??
-> ACK sent

Then the external server sends:
<-SYN, ACK with same seq numbers ?? and WINDOW SIZE SET TO 16560 ??

Now if the client is Windows :( it replies to the second SYN,ACK and everything seems to work, however when the client is Linux, the second SYN,ACK is ignored by the client which I believe causes the connection state to be destroyed on the firewall.

Am I correct in assuming that the window size update packet should NOT have the SYN bit set and that this is a problem on the remote server ?

Michael


--
Michael Gale

Linux Administrator
Network Administrator
Pason Systems Corp.
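
An added example, not part of the original message: a small Python check that scans a packet summary for the pattern described above, a SYN,ACK repeated with the same sequence numbers but a different window, and reports whether it arrived after the client's ACK. The one-line-per-packet trace format, addresses, ports and sequence numbers are constructed for illustration; only the window values 0 and 16560 come from the post.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src dst flags seq ack win")

# Constructed trace: "src dst flags seq ack win" per line. The first flow
# mirrors the exchange in the post; the second is an ordinary handshake.
TRACE = """\
10.0.0.5:40000 198.51.100.7:80 S 1000 0 5840
198.51.100.7:80 10.0.0.5:40000 SA 7000 1001 0
10.0.0.5:40000 198.51.100.7:80 A 1001 7001 5840
198.51.100.7:80 10.0.0.5:40000 SA 7000 1001 16560
10.0.0.6:40001 198.51.100.7:80 S 2000 0 5840
198.51.100.7:80 10.0.0.6:40001 SA 9000 2001 16560
10.0.0.6:40001 198.51.100.7:80 A 2001 9001 5840
"""

def parse(text):
    """Turn the constructed trace format into Pkt records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, flags, seq, ack, win = line.split()
        yield Pkt(src, dst, set(flags), int(seq), int(ack), int(win))

def find_repeated_synack(packets):
    """Report SYN,ACKs repeated with identical seq/ack on the same flow."""
    first = {}     # (server, client) -> first SYN,ACK seen on that flow
    acked = set()  # flows where the client already ACKed that SYN,ACK
    findings = []
    for p in packets:
        if p.flags == {"S", "A"}:
            key = (p.src, p.dst)
            prev = first.get(key)
            if prev is None:
                first[key] = p
            elif (prev.seq, prev.ack) == (p.seq, p.ack):
                findings.append({
                    "server": p.src, "client": p.dst,
                    "first_win": prev.win, "repeat_win": p.win,
                    "after_client_ack": key in acked,
                })
        elif p.flags == {"A"}:
            key = (p.dst, p.src)
            synack = first.get(key)
            if synack is not None and p.ack == synack.seq + 1:
                acked.add(key)
    return findings

if __name__ == "__main__":
    for f in find_repeated_synack(parse(TRACE)):
        print(f)
```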


