Solaris: doubt with ICMP "port-unreachable" message
Hi,
I am testing my Debian box (router), using iptables, with REJECT
(icmp-port-unreachable, default)
for TCP and UDP packets (from outside with a NEW state) coming in by ppp0
(DSL connection).
If I try to connect from a Solaris box, the connection doesn't close
immediately.
--------------------
From the router, the output of the tcpdump -i ppp0 command is:
01:26:50.485531 IP dsl-1-2-3.nowhere.com > 148.228.1.2: icmp 56: dsl-1-2-3.nowhere.com tcp port ssh unreachable
(4 or 5 times...)
The Solaris box is a: SunOS 5.8 Generic_108528-13 sun4u sparc SUNW,Sun-Fire-280R
IP address: 148.228.1.2 (example)
My box (router) is a: Linux router 2.4.18-bf2.4 #1... i586 GNU/Linux (Debian stable)
iptables version: iptables v1.2.11
IP address: dsl-1-2-3.nowhere.com
I think maybe Sun Solaris is not able to handle the ICMP
"port-unreachable" message correctly;
I would expect the Solaris box to cancel the attempt to connect.
RFC 1122 says (pg 101):
An attempt to open a TCP connection could fail with
excessive retransmissions of the SYN segment or by receipt
of a RST segment or an ICMP Port Unreachable. ...
Also in "ICMP attacks against TCP draft-gont-tcpm-icmp-attacks-05.txt"
(pg 10)... and others...
Solaris waits four minutes!! and then says:
ssh: connect to host 201.102.88.153 port 22: Connection timed out
After this, I think the Solaris box is blocking ICMP messages (I/O), or
is the Solaris TCP/IP implementation too old?...
Am I missing something?
Thanks...
and sorry for my English...
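
Added example, not part of the original post: the REJECT setup the message describes, with new TCP connections answered by a TCP RST (one of the failure signals in the RFC 1122 passage quoted above) and ICMP port-unreachable kept for UDP. The INPUT chain, the `-m state` match, and the names `IPT`, `WAN_IF` and `reject_new_inbound` are assumptions; the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example (not from the original post).
# Dry run by default: commands are printed, not executed.
# Set IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-ppp0}"        # outside interface named in the post

# Rule as described in the post (assumed form): one REJECT for everything,
# which defaults to icmp-port-unreachable for TCP as well as UDP:
#   iptables -A INPUT -i ppp0 -m state --state NEW -j REJECT

# Protocol-specific rejects for NEW traffic arriving on $WAN_IF.
# $1 = chain to append to (assumption: INPUT, for traffic to the router itself)
reject_new_inbound() {
    chain="$1"

    # TCP: reply with a RST segment, which a client in SYN-SENT treats as
    # "connection refused". tcp-reset is only valid together with -p tcp.
    $IPT -A "$chain" -i "$WAN_IF" -p tcp -m state --state NEW \
         -j REJECT --reject-with tcp-reset

    # UDP: no RST exists, so ICMP port-unreachable is the refusal signal.
    $IPT -A "$chain" -i "$WAN_IF" -p udp -m state --state NEW \
         -j REJECT --reject-with icmp-port-unreachable
}

reject_new_inbound INPUT
```

After applying, `tcpdump -i ppp0` on the router should show a TCP segment with the R flag going back to the client instead of the ICMP unreachable line.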