Adam , Thanks, > Ok, if you cant see the SYN/ACK from 10.56.233.99, it could be; > - if the box is multi-homed the SYN/ACK may be being routed out a different interface > - the traffic may be being dropped by iptables (which sits between tcpdump and the OS) I have only one network interface in the 10.56.233.99 server . When I couldn't see ACK to 198.18.24.3, I could see the ACK to 198.18.24.2 (the other squid server ) at the same time . So as for me ,it's really strange. iptables configraion: iptables -t nat -A POSTROUTING -o bond0.4011 -s 198.18.24.0/22 -j SNAT --to 10.56.235.86 Thanks, -Arkin On Mon, Jul 28, 2008 at 8:41 AM, Adam Carter <Adam.Carter@xxxxxxxxxxxx> wrote: >> Thanks a lot for your response . >> I used sniffer tool to catch the packet in both Poly graph Server >> (10.56.233.99) and Squid server side (198.18.24.3). >> >> I could see 198.18.24.3 send out SYNs, they SYNs were also could be >> captured in PolyServer(10.56.233.99) side , but no ack were genenated >> by the 10.56.233.99 server . > > Ok, if you cant see the SYN/ACK from 10.56.233.99, it could be; > - if the box is multi-homed the SYN/ACK may be being routed out a different interface > - the traffic may be being dropped by iptables (which sits between tcpdump and the OS) > > Double check (or maybe post) your iptables configuration. > > Also send the output of netstat -ant | grep 198.18.24.3 >
