* Send SYN ACK from server ?
@ 2006-01-19 20:58 Michael Gale
From: Michael Gale @ 2006-01-19 20:58 UTC (permalink / raw)
  To: netfilter

Hello,

    I am seeing a problem where when a Linux box from behind a Linux 
firewall connects to an external server, the external server is sending 
a second SYN,ACK message:

-> SYN sent
<- SYN,ACK received -- WINDOWS SIZE SET TO 0 ??
-> ACK sent

Then the external server sends:
<-SYN, ACK with same seq numbers ?? and WINDOW SIZE SET TO 16560 ??

Now if the client is Windows :( it replies to the second SYN,ACK and 
everything seems to work, however when the client is Linux, the second 
SYN,ACK is ignored by the client which I believe causes the connection 
state to be destroyed on the firewall.

Am I correct in assuming that the window size update packet should NOT 
have the SYN bit set and that this is a problem on the remote server ?

Michael

-- 
Michael Gale

Linux Administrator
Network Administrator
Pason Systems Corp.




* Re: Send SYN ACK from server ?
@ 2006-01-20 17:59 ` Michael Gale
From: Michael Gale @ 2006-01-20 17:59 UTC (permalink / raw)
  To: Michael Gale, netfilter

Hello,

    Why does disabling TCP window tracking resolve this issue ?

The firewall is CentOS 4 - kernel Linux fw1-calgary.int.pason.com 
2.6.9-22.0.1.EL #1 Thu Oct 27 12:26:11
iptables 1.2.11

# echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal


Michael

Michael Gale wrote:

> Hello,
>
>    I am seeing a problem where when a Linux box from behind a Linux 
> firewall connects to an external server, the external server is 
> sending a second SYN,ACK message:
>
> -> SYN sent
> <- SYN,ACK received -- WINDOWS SIZE SET TO 0 ??
> -> ACK sent
>
> Then the external server sends:
> <-SYN, ACK with same seq numbers ?? and WINDOW SIZE SET TO 16560 ??
>
> Now if the client is Windows :( it replies to the second SYN,ACK and 
> everything seems to work, however when the client is Linux, the second 
> SYN,ACK is ignored by the client which I believe causes the connection 
> state to be destroyed on the firewall.
>
> Am I correct in assuming that the window size update packet should NOT 
> have the SYN bit set and that this is a problem on the remote server ?
>
> Michael
>

-- 
Michael Gale

Linux Administrator
Network Administrator
Pason Systems Corp.
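
The handshake sequence reported in this thread can be looked for in captured traffic. The following is an added example, not part of the original posts: it parses raw TCP headers and flags a SYN,ACK that repeats an earlier one (same seq/ack) after the client has already ACKed it, reporting the window change. The ports, sequence numbers, client window and function names are constructed for illustration, and flows are keyed by port pair only because the constructed input carries no IP header; only the window values 0 and 16560 come from the thread.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_tcp(sport, dport, seq, ack, flags, window):
    """Pack a 20-byte TCP header (no options, checksum left at 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_tcp(raw):
    """Return the fields this check needs from a raw TCP header."""
    sport, dport, seq, ack, _off, flags, window = struct.unpack("!HHIIBBH", raw[:16])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags & 0x3F, "window": window}

def find_repeated_synack(segments):
    """Flag a SYN,ACK repeating an earlier one (same seq/ack) after the
    client's handshake ACK was seen, and report both window values."""
    first = {}      # (server port, client port) -> first SYN,ACK seen
    acked = set()   # flows where the client's handshake ACK was seen
    findings = []
    for raw in segments:
        t = parse_tcp(raw)
        if t["flags"] == SYN | ACK:
            flow = (t["sport"], t["dport"])
            prev = first.get(flow)
            if prev is None:
                first[flow] = t
            elif flow in acked and (t["seq"], t["ack"]) == (prev["seq"], prev["ack"]):
                findings.append({"flow": flow, "seq": t["seq"],
                                 "first_window": prev["window"],
                                 "repeat_window": t["window"]})
        elif t["flags"] == ACK:
            flow = (t["dport"], t["sport"])  # client -> server, so reverse the key
            prev = first.get(flow)
            if prev and t["ack"] == (prev["seq"] + 1) & 0xFFFFFFFF:
                acked.add(flow)
    return findings

# Constructed capture mirroring the thread: client port 40000, server port 80.
CAPTURE = [
    build_tcp(40000, 80, 1000, 0, SYN, 5840),
    build_tcp(80, 40000, 9000, 1001, SYN | ACK, 0),       # window 0
    build_tcp(40000, 80, 1001, 9001, ACK, 5840),
    build_tcp(80, 40000, 9000, 1001, SYN | ACK, 16560),   # same seq, new window
]

if __name__ == "__main__":
    for f in find_repeated_synack(CAPTURE):
        print(f)
```

A SYN,ACK repeated before the client's ACK is seen is treated as an ordinary retransmission and is not reported.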


