Re: Linux-PC blocked/filtered in the network.

To: debian-edu@lists.debian.org
Subject: Re: Linux-PC blocked/filtered in the network.
From: Ole-Anders Andreassen <olea@skolelinux.no>
Date: Wed, 09 Mar 2011 12:39:14 +0100
Message-id: <[🔎] 4D7766E2.6030302@skolelinux.no>
In-reply-to: <20110221192758.GA803@login2.uio.no>
References: <4D5C58E0.20706@skolelinux.no> <201102171227.16732.klaus@skolelinux.no> <4D5D0E0D.8000500@skolelinux.no> <201102171430.40791.klaus@skolelinux.no> <4D5D69C6.9050406@skolelinux.no> <4D62A173.20301@skolelinux.no> <20110221192758.GA803@login2.uio.no>

Petter Reinholdtsen skrev:

[Ole-Anders Andreassen]

What kind of things should I test to document, or find the problems?
So far I have just used MTR to document slow respons, wget
--no-proxy to document that www hangs and ends time out, ifconfig to
show NiC settings, and route...


Comparing tcptraceroute and traceroute might be useful.  A tcpdump of
a hanging session might be useful too.

What you describe sound slighly similar to the problem we experienced
at a gathering, where some transparent firewall (Firewall 1, if I do
not remember incorrectly), were unable to parse HTTP headers with unix
line endings and simply refused to handle such HTTP connections.

Happy hacking,






tjener:~# tcptraceroute www.vg.no
Selected device eth0, address 10.0.2.2, port 52967 for outgoing packets
Tracing the path to www.vg.no (195.88.54.16) on TCP port 80 (www), 30 hops max
 1  10.0.2.1  9.061 ms  0.461 ms  0.512 ms
 2  10.63.152.1  1.235 ms  1.036 ms  0.978 ms
 3  10.202.63.1  3.894 ms  10.220 ms  3.858 ms
 4  10.200.193.17  3.790 ms  3.795 ms  4.070 ms
 5  85.221.22.129  4.657 ms  23.638 ms  17.696 ms
 6  www.vg.no (195.88.54.16) [open]  19.536 ms  11.242 ms  10.339 ms



tjener:~# traceroute www.vg.no
traceroute to www.vg.no (195.88.54.16), 30 hops max, 40 byte packets
 1  gateway.intern (10.0.2.1)  0.520 ms  0.808 ms  1.486 ms
 2  10.63.152.1 (10.63.152.1)  5.345 ms  5.431 ms  5.521 ms
 3  10.202.63.1 (10.202.63.1)  12.244 ms  12.591 ms  12.795 ms
 4  10.200.193.17 (10.200.193.17)  13.129 ms  13.338 ms  14.487 ms
 5  85.221.22.129 (85.221.22.129)  13.610 ms  13.971 ms  14.207 ms
 6  85.221.22.1 (85.221.22.1)  13.799 ms  18.911 ms  19.102 ms
 7  195.204.200.102 (195.204.200.102)  19.249 ms  15.599 ms  10.038 ms
 8  195.204.200.101 (195.204.200.101)  10.188 ms  10.290 ms  10.362 ms
 9  195.204.183.16 (195.204.183.16)  21.753 ms *  22.218 ms
10  c10G-xe-4-3-0.br1.xa19.no.catchbone.net (193.75.9.21)  21.998 ms *  22.076 ms
11  * te7-1-0.cr1.xa19.no.catchbone.net (193.75.1.73)  22.289 ms  22.600 ms
12  te7-1-0.cr1.fn3.no.catchbone.net (193.75.3.150)  22.705 ms  22.799 ms  22.868 ms
13  193.75.3.254 (193.75.3.254)  33.824 ms  30.865 ms  18.254 ms
14  xe-1-3-0.cr3.hmg9.no.linpro.net (193.156.90.81)  18.547 ms  18.629 ms  20.115 ms
15  vlan62.sw0.hmg9.no.linpro.net (87.238.32.19)  21.481 ms *  21.754 ms
16  www.vg.no (195.88.54.16)  21.271 ms  21.833 ms  21.916 ms
tjener:~#



The firewall log at the town hall shows a lot of messages about "TCP packet out of state"

Wireshark tells me that the second stage [SYN-ACK] of 3-way-handshake never happens.

The realy strange thing is that this only affects PC's with Linux




OleA

Reply to:

Follow-Ups:
- Re: Linux-PC blocked/filtered in the network.
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Participation in the next Edubuntu irc meeting ?
Next by Date: Re: Linux-PC blocked/filtered in the network.
Previous by thread: Participation in the next Edubuntu irc meeting ?
Next by thread: Re: Linux-PC blocked/filtered in the network.
Index(es):
- Date
- Thread