search for: syn_sent

...ut source destination Chain outtos (1 references) pkts bytes target prot opt in out source destination Chain pretos (1 references) pkts bytes target prot opt in out source destination tcp 6 75 SYN_SENT src=80.171.100.101 dst=203.221.73.195 sport=44165 dport=4662 [UNREPLIED] src=203.221.73.195 dst=80.171.100.101 sport=4662 dport=44165 use=1 tcp 6 274578 ESTABLISHED src=213.39.215.49 dst=161.53.68.130 sport=39410 dport=4663 src=161.53.68.130 dst=213.39.215.49 sport=4663 dport=39410 [ASSURE...

I am having a problem with connections from a server behind a shorewall firewall. Both machines are running redhat 8.0 with a custom 2.4.20 kernel. The problem lies with a mail server I am configuring which has been able to send mail to all hosts, except this one. The connection starts with the SYN_SENT, and then just hangs there. (telnet to remote server on port 25 just hangs trying to connect, SYN_SENT as well). I have used NAT to control the mail server behind the firewall, and have done this many times prior without this problem. This is also my first use of RedHat 8.0 and am wondering if t...

...how many connection the server has, i run this command but i don't know how to sum all the results and get a final number. any ideas? netstat -an | grep -E 'tcp|udp' | awk '{print $6}' | sort | uniq -c | sort -n ?? 1 CLOSE_WAIT ?? 1 FIN_WAIT_2 ?? 1 LAST_ACK ?? 1 TIME_WAIT ?? 4 SYN_SENT ? 15 ? 37 LISTEN ? 44 ESTABLISHED ---------------------------------- Alejandro Rodriguez Luna Web: http://www.alexluna.org E-mail: el_alexluna at yahoo.com.mx MSN: el_alexluna at yahoo.com.mx GTalk: alexluna at gmail.com Movil: 044-311-112-86-41 ----------------------------------...

...198.20:80 TIME_WAIT tcp 38 0 localhost:80 89.31.89.51:1419 ESTABLISHED tcp 0 0 localhost:80 77.70.106.4:14550 ESTABLISHED tcp 0 0 localhost:36872 208.67.70.3:80 TIME_WAIT tcp 0 1 localhost:36886 66.37.52.232:80 SYN_SENT tcp 0 10164 localhost:80 58.187.121.173:10350 ESTABLISHED tcp 0 0 localhost:80 85.140.195.98:4052 TIME_WAIT tcp 0 0 localhost:80 66.199.253.130:57278 FIN_WAIT2 tcp 0 0 localhost:37384 213.41.23.61:80 TIME_WAIT...

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

...s been powered off for almost 3 days I can still see this client trying to connect to it when I ssh from another terminal: [root at centos log]# lsof | grep 192.168.8.125 sshd????? 6630????? root??? 7u???? IPv4????????????? 24776 0t0??????? TCP centos.company.co.uk:57423->192.168.8.125:ldap (SYN_SENT) sshd????? 6642????? root??? 7u???? IPv4????????????? 24812 0t0??????? TCP centos.company.co.uk:57425->192.168.8.125:ldap (SYN_SENT) At the same time I can see a lot of successful TCP flags (ESTABLISHED, CLOSE_WAIT) against DC1. Since no configuration changes have been made on this CentOS box...

...0:* LISTEN tcp 0 0 192.168.1.1:139 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 1 x.y.46.70:4837 192.168.0.5:139 SYN_SENT tcp 0 96 x.y.46.70:22 x.y.174.74:2433 CONNECT udp 0 0 192.168.1.1:137 0.0.0.0:* udp 0 0 0.0.0.0:137 0.0.0.0:* udp 0 0 192.168.1.1:138 0.0.0.0:* udp 0 0 0.0.0.0:138 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 x.y.46.70:500 0.0.0.0:* rele...

...onnect from 212.19.195.160 to 212.178.64.74 trough port 8080 The rule i made is: DNAT  net   loc:192.168.0.20:80  tcp  8080 - 212.178.64.74 (and 192.168.0.20 can be reached from inside my network). In /var/log/messages it says it is accepted but when i do an dump in shorewall the line tcp 6 116 SYN_SENT src=212.19.195.160 dst=212.178.64.74 sport=1782 dport=8080 packets=2 bytes=96 [UNREPLIED] src=192.168.0.20 dst=212.19.195.160 sport=80 dport=1782 packets=0 bytes=0 mark=0 use=1 apears. Why is al my internal trafic blocked? Thanks, Wendy

...TING ACCEPT [6:406] :OUTPUT ACCEPT [5:268] -A PREROUTING -p tcp -m tcp --dport 1416 -j CT --timeout test-tcp-2 -A PREROUTING -p tcp -m tcp --dport 1414 -j CT --timeout test-tcp COMMIT # nfct list timeout .test-tcp = { .l3proto = 2, .l4proto = 6, .policy = { .SYN_SENT = 120, .SYN_RECV = 60, .ESTABLISHED = 100, .FIN_WAIT = 120, .CLOSE_WAIT = 10, .LAST_ACK = 30, .TIME_WAIT = 120, .CLOSE = 10, .SYN_SENT2 = 120, .RETRANS = 3...

...3 days > I can still see this client trying to connect to it when I ssh from > another terminal: > > [root at centos log]# lsof | grep 192.168.8.125 > sshd????? 6630????? root??? 7u???? IPv4????????????? 24776 0t0??????? > TCP centos.company.co.uk:57423->192.168.8.125:ldap (SYN_SENT) > sshd????? 6642????? root??? 7u???? IPv4????????????? 24812 0t0??????? > TCP centos.company.co.uk:57425->192.168.8.125:ldap (SYN_SENT) > > At the same time I can see a lot of successful TCP flags (ESTABLISHED, > CLOSE_WAIT) against DC1. > Since no configuration changes have...

...ct is that browsers report a "could not connect" error. I'm not an expert at analysing this kind of problem, but while the browser's request is pending, I get the following output from "netstat -tp": tcp 0 1 192.168.0.4:35013 66.249.93.104:www SYN_SENT 17080/konquerorni5O I was surprised to see that the browser had directly contacted the remote site. This feels like a bug to me, but it could also be that I'm doing something wrong/stupid. I tried replacing the REDIRECT with a DNAT to 127.0.0.1:3128, and got the same netstat output. I...

...d got the following: core_tcp_connect: connecting core_tcp_connect: connected core_tcp_connect: at out: closing CompletionToken core_tcp_write: Sending 227 bytes tcp transmit failed, Access Denied Meanwhile on the OVMF side I could get these debug logs: Tcb (3F296898) state TCP_CLOSED --> TCP_SYN_SENT TcpToSendData: set RTT measure sequence 464107706 for TCB 3F296898 Tcb (3F296898) state TCP_SYN_SENT --> TCP_ESTABLISHED TcpComputeRtt: new RTT for TCB 3F296898 computed SRTT: 0 RTTVAR: 0 RTO: 5 TcpInput: connection established for TCB 3F296898 in SYN_SENT TcpInput: connection reset for TCB 3F29...

I''ve installed a bering box acting as a firewall for a lan; the lan is 192.168.1.0/24 the bering box is 192.168.1.254 I''ve installed a squid server 192.168.1.1 It is possible to configure shorewall for a transparent proxy to the squid server? I''ve tryed with REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1 in the rules file I get this error: Error:

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

On 18/07/19 13:19, Rowland penny via samba wrote: > OK, from my understanding DC1 is using the internal dns and DC2 is > using Bind9. It's the other way round. On dc1 port 53 is mapped to /usr/sbin/named -u bind. On dc2 it's /usr/sbin/samba. I wasn't sure what to do when I deployed dc2. I remember installing bind9 on dc2 but then purging it. BTW - does it matter for

Hello, I''ve finally managed to setup a firewall with freeswan 2.04 using the kernel crypto api (backported from kernel 2.6). (Almost) everything seems to work fine if I disable shorewall, but packets are filtered whe shorewall is active. I''ve already read a past thread on the subject and I followed all the hints and it actually partially works: my lan I can access the remote

Hi !, I have this problem. On a Mandrake 10.0 server with all the updates (Kernel 2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our internal users have to FTP some files to our external web server. I think we have the correct configuration and rules in shorewall, and have read the http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to the

....5:52836 SYN_RECV //server root at node1:~# netstat -ant | grep 1022 tcp 0 0 10.0.0.5:1022 0.0.0.0:* LISTEN tcp 0 0 10.0.0.5:39668 10.0.0.6:1022 TIME_WAIT tcp 0 1 10.0.0.5:52836 10.0.0.6:1022 SYN_SENT

...0.0.0.0:* LISTEN 2242/vsftpd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2181/cupsd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5201/master tcp 0 1 192.168.101.11:32847 212.23.3.98:25 SYN_SENT 7930/telnet tcp 0 0 :::993 :::* LISTEN 3416/dovecot tcp 0 0 :::995 :::* LISTEN 3416/dovecot tcp 0 0 :::110 :::* LISTEN 3416/dovecot tcp 0...

...member server) in the sun box with two ADS. Everything work great, but if the primary ADS (lower IP) is crashed, then the wbinfo -t, wbinfo -u ... answers has a very long timeout (~8-9 min). Descriptions (after a lot of debugging): * The Sun box has same time for initialize a TCP connection (SYN_SENT) if the destination host not running. - Try on linux how much is yours machine with "# date; telnet 192.168.0.1; date" (IP must good on your network and not exist on it) * Samba has a cache for the unavailable ADS (KDC) (but this expire after 30 seconds) - the samba has...