Problem accessing packages.debian.org

["Richard Boardman" <richard.boardman@lyttonroad.com>]

I know from the debian-www mailing list that there are, or have been,
problems with the packages.debian.org site. I'm having a problem accessing
packages.debian.org today (a site I can usually reach), and wonder if it's
related or not.

Simply, responses are coming from a different IP address to where the
request was sent, so being blocked by my firewall.

In more detail:
I'm behind a firewall which allows only ESTABLISHED and RELATED traffic in
from the internet.

DNS resolves packages.debian.org to 213.165.95.4 and 5.153.231.3.

tcpdump shows:

me -> 213.165.95.4 TCP dport=80 SYN
213.165.95.4 -> me TCP sport=80 SYN,ACK
me -> 213.165.95.4 TCP dport=80 ACK
me -> 213.165.95.4 HTTP dport=80 GET /search?.....  (all good so far)
1 second delay ...
me -> 213.165.95.4 HTTP dport=80 GET /search?.....  (Retransmission)
213.165.95.4 -> me TCP sport=80 SYN,ACK             (Retransmission)
me -> 213.165.95.4 TCP dport=80 ACK                 (Retransmission)
me -> 213.165.95.4 HTTP dport=80 GET /search?.....  (Retransmission)
213.165.95.4 -> me TCP sport=80 SYN,ACK             (Retransmission)
Retransmissions continue from both ends for 1 minute ...
213.165.95.4 -> me TCP sport=80 RST
then ...
5.153.231.3 -> me TCP sport=80 ACK                  (fragment)
5.153.231.3 -> me TCP sport=80 ACK                  (fragment)
5.153.231.3 -> me HTTP sport=80 ACK,PUSH 200 OK     (HTTP response)
...

The traffic from 5.153.231.3 is neither ESTABLISHED nor RELATED to the
213.165.95.4 stream, so is dropped at the firewall.

It also looks like 213.165.95.4 is not receiving my ACKs.

regards

Richard Boardman