Hello,
TheOldFellow a écrit :
# wget http://www.adobe.com/index.html
--07:45:04-- http://www.adobe.com/index.html
=> `index.html'
Resolving www.adobe.com... 192.150.18.101
Connecting to www.adobe.com|192.150.18.101|:80...
it just times out - browsers are the same.
Looking at the log shows the following warnings:
IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=9637 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=45688 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=37819 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
Wget hanging after printing "Connecting to..." but before printing
"connected" seems to indicate that it didn't receive a SYN/ACK packet
from the server in response to its SYN packet. However the logged and
dropped packets do not look like SYN/ACK packets, as they do not have
the SYN and ACK flags set.
Can you provide a capture of the resulting traffic from and to
192.150.18.101 on interface 'net' with tcpdump, tshark or wireshark when
running wget ? E.g.
# tcpdump -nvi net host 192.150.18.101
Does the problem happen if you temporarily allow all input traffic (at
least from 192.150.18.101) ? E.g.
# iptables -I INPUT -s 192.150.18.101 -j ACCEPT
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html