MySQL has a problem with synproxy

Hi.
We are having a problem with MySQL and synproxy. While other TCP apps are
working fine on the same server, the MySQL server does not seem to work
properly once we activate synproxy.

These are the handshake packets with synproxy deactivated. 10.0.0.1 is
the server.

14:28:57.344688 IP 10.0.0.2.59924 > 10.0.0.1.3336: Flags [S], seq
2738839797, win 29200, options [mss 1460,sackOK,TS val 1776041 ecr
0,nop,wscale 7], length 0
14:28:57.344836 IP 10.0.0.1.3336 > 10.0.0.2.59924: Flags [S.], seq
3873797148, ack 2738839798, win 65535, options [mss 1460,nop,wscale
6,sackOK,TS val 3220882344 ecr 1776041], length 0
14:28:57.344961 IP 10.0.0.2.59924 > 10.0.0.1.3336: Flags [.], ack 1,
win 229, options [nop,nop,TS val 1776041 ecr 3220882344], length 0

Here the client is able to connect without any problem. The server has
wscale 6 and mss 1460, so we added the synproxy rules below:

iptables -t raw -A PREROUTING -i enp12s0f0 -p tcp --syn -j CT --notrack
iptables -t filter -A FORWARD -i enp12s0f0 -p tcp -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --mss 1460 --wscale 6
iptables -t filter -A FORWARD -i enp12s0f0 -p tcp -m state --state INVALID -j DROP

After synproxy is activated, the server sends a reset and rejects the
connection. Here are the packets we captured between the client and the
firewall, and between the firewall and the server.

Between client and firewall:
14:28:12.343253 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [S], seq
1356993242, win 29200, options [mss 1460,sackOK,TS val 1731041 ecr
0,nop,wscale 7], length 0
14:28:12.343280 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [S.], seq
2278099588, ack 1356993243, win 0, options [mss 1460,sackOK,TS val
1423321111 ecr 1731041,nop,wscale 6], length 0
14:28:12.343439 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [.], ack 1,
win 229, options [nop,nop,TS val 1731042 ecr 1423321111], length 0
14:28:12.343611 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [.], ack 1,
win 1023, options [nop,nop,TS val 1423321111 ecr 1731042], length 0
14:28:12.343692 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [R], seq
2278099589, win 0, length 0

Between firewall and server:
14:28:12.343459 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [S], seq
1356993242, win 229, options [mss 1460,sackOK,TS val 1731042 ecr
1423321111,nop,wscale 7], length 0
14:28:12.343583 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [S.], seq
1666149016, ack 1356993243, win 65535, options [mss 1460,nop,wscale
6,sackOK,TS val 109930553 ecr 1731042], length 0
14:28:12.343602 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [.], ack 1,
win 229, options [nop,nop,TS val 1731042 ecr 3091507291], length 0
14:28:12.343686 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [R], seq
1666149017, win 0, length 0

Here MySQL runs on FreeBSD, and since it is a real system that makes it
harder to debug. Any idea what causes this?

Regards.

--
İbrahim Ercan
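An added example, not part of the post above and not the poster's code: a small Python checker for exactly this kind of debugging session. It parses tcpdump output as quoted in the mail (including lines wrapped by the mailer), derives the `-j SYNPROXY` arguments that a backend's SYN/ACK calls for (`--sack-perm`, `--timestamp`, `--mss`, `--wscale` are the real SYNPROXY target options), and runs three checks a practitioner would want when SYNPROXY breaks one service: whether the rule's options match what the server actually offers in its SYN/ACK, whether the third packet of the handshake echoes (ecr) the timestamp value the SYN/ACK carried, and whether a RST ends the exchange. The embedded capture is the firewall-to-server trace quoted in the post, and `RULE_ARGS` is copied from the post's rule; the function names and the check names are this example's own.

```python
# Added example, not from the post: parse tcpdump output as quoted above, derive the
# -j SYNPROXY arguments a backend's SYN/ACK calls for, and flag an option mismatch,
# a third packet whose ecr does not echo the SYN/ACK's TS val, or a RST.
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(  # one tcpdump record; wrapped continuation lines are joined first
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>\S+?)\.\d+ > \S+?\.\d+: "
    r"Flags \[(?P<flags>[^\]]*)\],(?P<rest>.*)$")

@dataclass
class Packet:
    src: str
    flags: str
    seq: Optional[int]
    ack: Optional[int]
    mss: Optional[int] = None
    wscale: Optional[int] = None
    sack: bool = False
    tsval: Optional[int] = None
    tsecr: Optional[int] = None

def _num(text, key):
    m = re.search(rf"\b{key} (\d+)", text)
    return int(m.group(1)) if m else None

def parse_tcpdump(text):
    """Parse 'tcpdump -n' output; a line that does not start a record is a wrapped tail."""
    records = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if LINE_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    packets = []
    for rec in records:
        m = LINE_RE.match(rec)
        if not m:
            raise ValueError(f"unparsed record: {rec}")
        rest = m.group("rest")
        pkt = Packet(m.group("src"), m.group("flags"), _num(rest, "seq"), _num(rest, "ack"))
        opts = re.search(r"options \[([^\]]*)\]", rest)
        for opt in map(str.strip, opts.group(1).split(",") if opts else []):
            if opt.startswith("mss "):
                pkt.mss = int(opt.split()[1])
            elif opt.startswith("wscale "):
                pkt.wscale = int(opt.split()[1])
            elif opt == "sackOK":
                pkt.sack = True
            elif opt.startswith("TS val "):
                pkt.tsval, pkt.tsecr = _num(opt, "val"), _num(opt, "ecr")
        packets.append(pkt)
    return packets

def synproxy_args(synack):
    """-j SYNPROXY arguments mirroring the options the backend's SYN/ACK offered."""
    args = ["--sack-perm"] if synack.sack else []
    if synack.tsval is not None:
        args.append("--timestamp")
    if synack.mss is not None:
        args.append(f"--mss {synack.mss}")
    if synack.wscale is not None:
        args.append(f"--wscale {synack.wscale}")
    return " ".join(args)

def check_handshake(packets, rule_args):
    """Return {check: (ok, detail)} for one captured handshake."""
    def first(flag):
        return next((p for p in packets if p.flags == flag), None)
    syn, synack, rst = first("S"), first("S."), first("R")
    if syn is None or synack is None:
        raise ValueError("capture has no SYN and SYN/ACK")
    # third packet: first bare ACK in the SYN's direction that acknowledges the SYN/ACK
    ack = next((p for p in packets if p.flags == "." and p.src == syn.src and p.ack == 1), None)
    got = synproxy_args(synack)
    return {
        "synproxy_options": (got == rule_args, f"SYN/ACK implies '{got}', rule has '{rule_args}'"),
        "ts_echo": (ack is not None and ack.tsecr == synack.tsval,
                    f"ACK ecr {ack.tsecr if ack else None} vs SYN/ACK TS val {synack.tsval}"),
        "no_rst": (rst is None, "no RST" if rst is None else f"RST from {rst.src}, seq {rst.seq}"),
    }

# Firewall-to-server capture quoted from the post (10.0.0.1 is the MySQL server),
# kept with its mail wrapping; RULE_ARGS is taken from the post's SYNPROXY rule.
FIREWALL_TO_SERVER = """
14:28:12.343459 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [S], seq
1356993242, win 229, options [mss 1460,sackOK,TS val 1731042 ecr
1423321111,nop,wscale 7], length 0
14:28:12.343583 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [S.], seq
1666149016, ack 1356993243, win 65535, options [mss 1460,nop,wscale
6,sackOK,TS val 109930553 ecr 1731042], length 0
14:28:12.343602 IP 10.0.0.2.59586 > 10.0.0.1.3336: Flags [.], ack 1,
win 229, options [nop,nop,TS val 1731042 ecr 3091507291], length 0
14:28:12.343686 IP 10.0.0.1.3336 > 10.0.0.2.59586: Flags [R], seq
1666149017, win 0, length 0
"""
RULE_ARGS = "--sack-perm --timestamp --mss 1460 --wscale 6"

if __name__ == "__main__":
    for check, (ok, detail) in check_handshake(parse_tcpdump(FIREWALL_TO_SERVER), RULE_ARGS).items():
        print(f"{'ok  ' if ok else 'FAIL'} {check}: {detail}")
```

Run against the firewall-to-server capture, it reports that the server's SYN/ACK options (`--sack-perm --timestamp --mss 1460 --wscale 6`) match the rule, that the ACK reaching the server carries ecr 3091507291 while the server's SYN/ACK sent TS val 109930553, and that the server answered with a RST; run against the trace taken with synproxy off, all three checks pass. The script only tells you which of the three to look at, not why; the same `synproxy_args` call is a quick way to derive the rule arguments from any backend's SYN/ACK before turning SYNPROXY on.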