From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Subject: Re: www.adobe.com
Date: Thu, 13 Nov 2008 11:02:13 +0100 [thread overview]
Message-ID: <491BFB25.3000800@plouf.fr.eu.org> (raw)
In-Reply-To: <20081113075231.50345b2c@gmail.com>
Hello,
TheOldFellow a écrit :
>
> # wget http://www.adobe.com/index.html
> --07:45:04-- http://www.adobe.com/index.html
> => `index.html'
> Resolving www.adobe.com... 192.150.18.101
> Connecting to www.adobe.com|192.150.18.101|:80...
>
> it just times out - browsers are the same.
>
> Looking at the log shows the following warnings:
>
> IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=9637 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
> IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=45688 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
> IPTABLES:INPUT IN=net OUT= MAC=00:a0:c9:43:8f:77:00:90:96:f7:74:42:08:00 SRC=192.150.18.101 DST=192.168.1.2 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=37819 PROTO=TCP SPT=80 DPT=3723 WINDOW=20498 RES=0x00 URGP=0
Wget hanging after printing "Connecting to..." but before printing
"connected" seems to indicate that it didn't receive a SYN/ACK packet
from the server in response to its SYN packet. However the logged and
dropped packets do not look like SYN/ACK packets, as they do not have
the SYN and ACK flags set.
Can you provide a capture of the resulting traffic from and to
192.150.18.101 on interface 'net' with tcpdump, tshark or wireshark when
running wget ? E.g.
# tcpdump -nvi net host 192.150.18.101
Does the problem happen if you temporarily allow all input traffic (at
least from 192.150.18.101) ? E.g.
# iptables -I INPUT -s 192.150.18.101 -j ACCEPT
next prev parent reply other threads:[~2008-11-13 10:02 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-13 7:52 www.adobe.com TheOldFellow
2008-11-13 8:33 ` www.adobe.com Покотиленко Костик
2008-11-13 8:42 ` www.adobe.com Wessel
2008-11-13 8:44 ` www.adobe.com Amos Jeffries
2008-11-13 8:59 ` www.adobe.com Покотиленко Костик
2008-11-13 9:15 ` www.adobe.com Gilad Benjamini
2008-11-13 10:02 ` Pascal Hambourg [this message]
2008-11-13 10:52 ` www.adobe.com TheOldFellow
2008-11-13 11:22 ` www.adobe.com Pascal Hambourg
2008-11-13 12:00 ` www.adobe.com TheOldFellow
2008-11-14 9:30 ` www.adobe.com John Haxby
2008-11-15 3:39 ` www.adobe.com Grant Taylor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=491BFB25.3000800@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.