[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Linux-PC blocked/filtered in the network.



The theories presented by the folks at UMOEikt is that there could be something wrong with MTU size.

- I have tested with different MTU size using 'ifconfig eth1 mtu number', but nothing changes.

Another theory is that NAT is causing problems, and that I would have to change IPs in our SLX-net.

- If this was the case, I shold be able to access WWW from a laptop running linux at the town hall. This is not the case. And opposite, a laptop running Windows should not be able to access WWW from inside our SLX-net, but it can...

When I search for "TCP out of state" + Checkpoint I find this:

----
SYMPTOMS
TCP traffic is beeing dropped, and SmartView Tracker
shows the errer: "TCP packet out of state"

CAUSE
The Non-TCP, RFC compilant software fails to communicate
properly trough the security gateway.

Then a HowTo for turning of this follows...

----


I do not understand the part "The Non-TCP, RFC compilant software fails..."


OleA





Petter Reinholdtsen skrev:
[Ole-Anders Andreassen]
tjener:~# tcptraceroute www.vg.no
Selected device eth0, address 10.0.2.2, port 52967 for outgoing packets
Tracing the path to www.vg.no (195.88.54.16) on TCP port 80 (www), 30 hops max
 1  10.0.2.1  9.061 ms  0.461 ms  0.512 ms
 2  10.63.152.1  1.235 ms  1.036 ms  0.978 ms
 3  10.202.63.1  3.894 ms  10.220 ms  3.858 ms
 4  10.200.193.17  3.790 ms  3.795 ms  4.070 ms
 5  85.221.22.129  4.657 ms  23.638 ms  17.696 ms
 6  www.vg.no (195.88.54.16) [open]  19.536 ms  11.242 ms  10.339 ms

tjener:~# traceroute www.vg.no
traceroute to www.vg.no (195.88.54.16), 30 hops max, 40 byte packets
 1  gateway.intern (10.0.2.1)  0.520 ms  0.808 ms  1.486 ms
 2  10.63.152.1 (10.63.152.1)  5.345 ms  5.431 ms  5.521 ms
 3  10.202.63.1 (10.202.63.1)  12.244 ms  12.591 ms  12.795 ms
 4  10.200.193.17 (10.200.193.17)  13.129 ms  13.338 ms  14.487 ms
 5  85.221.22.129 (85.221.22.129)  13.610 ms  13.971 ms  14.207 ms
 6  85.221.22.1 (85.221.22.1)  13.799 ms  18.911 ms  19.102 ms

When we compare these two, I see the most likely candidate for the
source of this problem.  The router with IP address 85.221.22.1 would
be my prime suspect for this blocking.  It could also be a transparent
proxy placed one network hop away from this router.

The firewall log at the town hall shows a lot of messages about "TCP
packet out of state"

Broken firewall?

Happy hacking,


Reply to: