thr3ads.net - Shorewall users - Fwd: TCP KeepAlive ACK do not traverse Shorewall [Apr 2014]

If this information is useful, please help other people find it:
Share via:
Erica Liverani
2014-Apr-23 12:53 UTC
Fwd: TCP KeepAlive ACK do not traverse Shorewall

Hello,
   I am using Shorewall 4.5.6 to access a customer's service via leased
line. Our network (172.24.80/22) is masquerated as 192.168.54.197 to
customer service (194.169.8.222).
   My application (running on laptop (172.24.82.84) different from
Shorewall system) connects to the service with SO_KEEPALIVE flag, sends the
probe every 15 seconds but gets no answer.

   Tcpdump on Shorewall system, our side, shows these packets:

13:21:20.055444 IP 172.24.82.84.51160 > 194.169.8.222.53640: Flags [.], seq
4134671944:4134671945, ack 3708838363, win 3999, length 1
        0x0000:  001e 58e0 2f18 60eb 6907 d154 0800 4500  ..X./.`.i..T..E.
        0x0010:  0029 6dfe 4000 8006 c2dc ac18 5254 c2a9  .)m.@.......RT..
        0x0020:  08de c7d8 d188 f672 1648 dd10 61db 5010  .......r.H..a.P.
        0x0030:  0f9f f137 0000 0000 0000 0000            ...7........
13:21:34.950024 IP 172.24.82.84.51158 > 194.169.8.222.53610: Flags [.], seq
0:1, ack 1, win 3999, length 1
        0x0000:  001e 58e0 2f18 60eb 6907 d154 0800 4500  ..X./.`.i..T..E.
        0x0010:  0029 008a 4000 8006 3051 ac18 5254 c2a9  .)..@...0Q..RT..
        0x0020:  08de c7d6 d16a a04e 3fc9 4c8d 73d5 5010  .....j.N?.L.s.P.
        0x0030:  0f9f 9c84 0000 0000 0000 0000            ............
13:21:35.056108 IP 172.24.82.84.51160 > 194.169.8.222.53640: Flags [.], seq
0:1, ack 1, win 3999, length 1
        0x0000:  001e 58e0 2f18 60eb 6907 d154 0800 4500  ..X./.`.i..T..E.
        0x0010:  0029 00c4 4000 8006 3017 ac18 5254 c2a9  .)..@...0...RT..
        0x0020:  08de c7d8 d188 f672 1648 dd10 61db 5010  .......r.H..a.P.
        0x0030:  0f9f f137 0000 0000 0000 0000            ...7........

   On customer's side, I see also the ACKs:

13:21:20.055462 IP 192.168.54.197.51160 > 194.169.8.222.53640: Flags [.],
seq 19:20, ack 25, win 3999, length 1
        0x0000:  0019 e2eb 2ec6 001e 58e0 2f1b 0800 4500  ........X./...E.
        0x0010:  0029 6dfe 4000 7f06 cadb c0a8 36c5 c2a9  .)m.@.......6...
        0x0020:  08de c7d8 d188 f672 1648 dd10 61db 5010  .......r.H..a.P.
        0x0030:  0f9f f836 0000 00                        ...6...
13:21:20.076780 IP 194.169.8.222.53640 > 192.168.54.197.51160: Flags [.],
ack 20, win 46, options [nop,nop,sack 1 {1041772106:1041772107}], length 0
        0x0000:  001e 58e0 2f1b 0019 e2eb 2ec6 0800 4500  ..X./.........E.
        0x0010:  0034 d37b 4000 3706 ad53 c2a9 08de c0a8  .4.{@.7..S......
        0x0020:  36c5 d188 c7d8 dd10 61db f672 1649 8010  6.......a..r.I..
        0x0030:  002e df7c 0000 0101 050a 348a 447f 348a  ...|......4.D.4.
        0x0040:  4480                                     D.
13:21:34.950041 IP 192.168.54.197.51158 > 194.169.8.222.53610: Flags [.],
seq 19:20, ack 25, win 3999, length 1
        0x0000:  0019 e2eb 2ec6 001e 58e0 2f1b 0800 4500  ........X./...E.
        0x0010:  0029 008a 4000 7f06 3850 c0a8 36c5 c2a9  .)..@...8P..6...
        0x0020:  08de c7d6 d16a a04e 3fc9 4c8d 73d5 5010  .....j.N?.L.s.P.
        0x0030:  0f9f a383 0000 00                        .......
13:21:34.971211 IP 194.169.8.222.53610 > 192.168.54.197.51158: Flags [.],
ack 20, win 46, options [nop,nop,sack 1 {1998813038:1998813039}], length 0
        0x0000:  001e 58e0 2f1b 0019 e2eb 2ec6 0800 4500  ..X./.........E.
        0x0010:  0034 a69f 4000 3706 da2f c2a9 08de c0a8  .4..@.7../......
        0x0020:  36c5 d16a c7d6 4c8d 73d5 a04e 3fca 8010  6..j..L.s..N?...
        0x0030:  002e dfb0 0000 0101 050a 1771 b724 1771  ...........q.$.q
        0x0040:  b725                                     .%
13:21:35.056124 IP 192.168.54.197.51160 > 194.169.8.222.53640: Flags [.],
seq 19:20, ack 25, win 3999, length 1
        0x0000:  0019 e2eb 2ec6 001e 58e0 2f1b 0800 4500  ........X./...E.
        0x0010:  0029 00c4 4000 7f06 3816 c0a8 36c5 c2a9  .)..@...8...6...
        0x0020:  08de c7d8 d188 f672 1648 dd10 61db 5010  .......r.H..a.P.
        0x0030:  0f9f f836 0000 00                        ...6...
13:21:35.078037 IP 194.169.8.222.53640 > 192.168.54.197.51160: Flags [.],
ack 20, win 46, options [nop,nop,sack 1 {1041772106:1041772107}], length 0
        0x0000:  001e 58e0 2f1b 0019 e2eb 2ec6 0800 4500  ..X./.........E.
        0x0010:  0034 d37c 4000 3706 ad52 c2a9 08de c0a8  .4.|@.7..R......
        0x0020:  36c5 d188 c7d8 dd10 61db f672 1649 8010  6.......a..r.I..
        0x0030:  002e df7c 0000 0101 050a 348a 447f 348a  ...|......4.D.4.
        0x0040:  4480                                     D.

Someone can help me to pinpoint the problem ?

Thank you
Erika


------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform
Shorewall users - Apr 2014 - Fwd: TCP KeepAlive ACK do not traverse Shorewall

Fwd: TCP KeepAlive ACK do not traverse Shorewall
