Hello,
Why does disabling TCP window tracking resolve this issue ?
The firewall is CentOS 4 - kernel Linux fw1-calgary.int.pason.com
2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11
iptables 1.2.11
# echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
Michael
Michael Gale wrote:
Hello,
I am seeing a problem where when a linux box from behind a linux
firewall connects to an external server, the external server is
sending a second SYN,ACK message:
-> SYN sent
<- SYN,ACK received -- WINDOWS SIZE SET TO 0 ??
-> ACK sent
Then the external server sends:
<-SYN, ACK with same seq numbers ?? and WINDOW SIZE SET TO 16560 ??
Now if the client is windows :( it replies to the second SYN,ACK and
everything seems to work, however when the client is linux, the second
SYN,ACK is ignored by the client which I believe causes the connection
state to be destroyed on the firewall.
Am I corrent is assuming that the window size update packet should NOT
have the SYN bit set and that this is a problem on the remote server ?
Michael
--
Michael Gale
Linux Administrator
Network Administrator
Pason Systems Corp.