One NAT'ed machine fails.
I have A SuSE machine running as a NAT machine. On the internal LAN is a
Windows machine, and two Debian testing/unstable machines (one is a
laptop).
The desktop Debian 'bumby' works fine most of the time, although I noticed
that I could not reach (at my son's request) lego.com. I thought it was
down, as traceroute failed (although they probably are blocking pings).
But, when I tried from the Debian laptop I can reach lego.com.
On the SuSE NAT machine netstat -M shows both connections:
prot expire source destination ports
tcp 1:56.02 bumby www.lego.com 40828 -> www-http (61123)
tcp 1:59.79 laptop www.lego.com 1026 -> www-http (61124)
And there is not a firewall running on the SuSE machine:
> ipchains -L -n
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):
Here's a "tcpdump host www.lego.com" on the NAT machine.
The laptop is running testing with 2.4.18 and the desktop (bumby) is
running testing/unstable with 2.4.20. I suppose the difference in the
flag is the difference in the TCP/IP stack in the two kernels.
I assume it's the server failing to deal with the ECN-Echo or CWR flag.
Seems like the only significant difference.
lego.com sets a cookie with "ASPSESSION..." which makes me suspect IIS.
I'm no expert with tcpdump...
First tcpdump of the laptop connection:
15:44:05.501142 laptop.1029 > www.lego.com.http: S 461862062:461862062(0) win 5840 <mss 1460,sackOK,timestamp 139840 0,nop,wscale 0> (DF)
15:44:05.593932 www.lego.com.http > laptop.1029: S 2028817538:2028817538(0) ack 461862063 win 64240 <mss 1380,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
15:44:05.597874 laptop.1029 > www.lego.com.http: . 1:1(0) ack 1 win 5840 <nop,nop,timestamp 139850 0> (DF)
15:44:05.605551 laptop.1029 > www.lego.com.http: P 1:459(458) ack 1 win 5840 <nop,nop,timestamp 139851 0> (DF)
15:44:05.737622 www.lego.com.http > laptop.1029: P 1:260(259) ack 459 win 63782 <nop,nop,timestamp 42968557 139851> (DF)
15:44:05.740119 www.lego.com.http > laptop.1029: FP 260:401(141) ack 459 win 63782 <nop,nop,timestamp 42968557 139851> (DF)
15:44:05.742671 laptop.1029 > www.lego.com.http: . 459:459(0) ack 260 win 6432 <nop,nop,timestamp 139864 42968557> (DF)
15:44:05.783058 laptop.1029 > www.lego.com.http: . 459:459(0) ack 402 win 7504 <nop,nop,timestamp 139869 42968557> (DF)
Now of the Desktop:
> tcpdump host www.lego.com
User level filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
15:46:58.791804 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55055407 0,nop,wscale 0> (DF)
15:47:01.785164 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55055707 0,nop,wscale 0> (DF)
15:47:07.784961 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55056307 0,nop,wscale 0> (DF)
15:47:19.784555 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55057507 0,nop,wscale 0> (DF)
What's happening?
--
Bill Moseley moseley@hank.org
Reply to: