Why are SYN-ACK packets dropped as INVALID?

Hi All,

I’m sending TCP SYN packets to the server. The problem is that the SYN-ACK packets coming from the server in response are sometimes dropped by my firewall (iptables) as INVALID. I can’t figure out why the firewall sees these packets as invalid. They seem to be OK. What parameters are taken into account by the firewall when making a decision about the invalidity of a packet?

Example from tcpdump:

19:29:22.045106  <my IP>      <Server IP>  TCP  60710→8080 [SYN] Seq=2646194936 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1356920 TSecr=0 WS=16
19:29:22.817859  <Server IP>  <my IP>      TCP  8080→60710 [SYN, ACK] Seq=3920856233 Ack=2646194937 Win=65535 Len=0 MSS=1200 SACK_PERM=1

The ACK sequence number (Ack=2646194937) is OK, but I see in my iptables logs that this SYN-ACK packet is marked as INVALID and dropped.
When the SYN-ACK packet comes, the TCP session is in the state SYN_SENT, so the states are also OK. Why is this packet invalid then?

Thank you!
Aleksej.


