thr3ads.net - Shorewall users - more on troubles with dmz www server [Aug 2004]

If this information is useful, please help other people find it:
Share via:

Matt Nowinski

2004-Aug-01 11:31 UTC

more on troubles with dmz www server

Thanks for the tips, Tom.

Here is the tcpdump -n output on the dmz computer - this gets repeated
several times as the remote computer attempts to connect:

18:11:54.264580 66.113.134.243.55080 > 192.168.2.1.8082: S
3210481212:3210481212(0) win 5840 <mss 1460,sackOK,timestamp 65650966
0,nop,wscale 0> (DF)
18:11:54.264696 192.168.2.1.8082 > 66.113.134.243.55080: S
2765561851:2765561851(0) ack 3210481213 win 16060 <mss 1460,sackOK,timestamp
8845122 65650966,nop,wscale 0> (DF)

18:11:55.336674 192.168.2.1.8082 > 66.113.134.243.55036: S
2746570128:2746570128(0) ack 3199662822 win 16060 <mss 1460,sackOK,timestamp
8845230 65648857,nop,wscale 0> (DF)

18:11:57.257425 66.113.134.243.55080 > 192.168.2.1.8082: S
3210481212:3210481212(0) win 5840 <mss 1460,sackOK,timestamp 65651266
0,nop,wscale 0> (DF)

18:11:57.257466 192.168.2.1.8082 > 66.113.134.243.55080: S
2765561851:2765561851(0) ack 3210481213 win 16060 <mss 1460,sackOK,timestamp
8845422 65650966,nop,wscale 0> (DF)

18:11:57.336673 192.168.2.1.8082 > 66.113.134.243.55080: S
2765561851:2765561851(0) ack 3210481213 win 16060 <mss 1460,sackOK,timestamp
8845430 65650966,nop,wscale 0> (DF)

Here is the tcpdump -n output on the firewall computer on eth2, which is the
dmz interface:

22:53:03.075498 66.113.134.243.54050 > 192.168.2.1.8082: S
2671448490:2671448490(0) win 5840 <mss 1460,sackOK,timestamp 65598444
0,nop,wscale 0> (DF)

22:53:03.076148 192.168.2.1.8082 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8792600 65598444,nop,wscale 0> (DF)

22:53:06.067528 66.113.134.243.54050 > 192.168.2.1.8082: S
2671448490:2671448490(0) win 5840 <mss 1460,sackOK,timestamp 65598744
0,nop,wscale 0> (DF)

22:53:06.067884 192.168.2.1.8082 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8792899 65598444,nop,wscale 0> (DF)

22:53:06.368703 192.168.2.1.8082 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8792930 65598444,nop,wscale 0> (DF)

22:53:12.068541 66.113.134.243.54050 > 192.168.2.1.8082: S
2671448490:2671448490(0) win 5840 <mss 1460,sackOK,timestamp 65599344
0,nop,wscale 0> (DF)

22:53:12.068899 192.168.2.1.8082 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8793499 65598444,nop,wscale 0> (DF)

22:53:12.869708 192.168.2.1.8082 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8793580 65598444,nop,wscale 0> (DF)

Finally, here is the tcpdump -n output on the firewall computer on eth0,
which is the external interface:

22:54:38.383115 68.232.139.98.80 > 66.113.134.243.54050: S
2211166562:2211166562(0) ack 2671448491 win 16060 <mss 1460,sackOK,timestamp
8802130 65598444,nop,wscale 0> (DF)

22:54:41.202241 66.113.134.243.54050> 68.232.139.98.80: S
2771835465:2771835465(0) win 5840 <mss 1460,sackOK,timestamp 65608256
0,nop,wscale 0> (DF)

22:54:41.202980 68.232.139.98.80 > 66.113.134.243.54050: S
2311317302:2311317302(0) ack 2771835466 win 16060 <mss 1460,sackOK,timestamp
8802411 65607356,nop,wscale 0> (DF)

22:54:41.883619 68.232.139.98.80 > 66.113.134.243.54050: S
2311317302:2311317302(0) ack 2771835466 win 16060 <mss 1460,sackOK,timestamp
8802480 65607356,nop,wscale 0> (DF)

Once again, any and all help is greatly appreciated...

-matt
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.732 / Virus Database: 486 - Release Date: 7/29/2004

Tom Eastep

2004-Aug-01 16:47 UTC

head link

Re: more on troubles with dmz www server

Matt Nowinski wrote:
> Thanks for the tips, Tom.
> 
> Here is the tcpdump -n output 
Matt

I didn''t see anything wrong with that output except that it appears
that
the SYN,ACK from your firewall isn''t reaching the client or is being 
ignored by the client for some reason. What does a packet trace show on 
the client system? Can you ping the client system from the firewall?

The bottom line is that it appears that your Firewall is doing the 
correct thing.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep

2004-Aug-04 15:05 UTC

head link

Re: more on troubles with dmz www server

Tom Eastep wrote:> Matt Nowinski wrote:
> 
>> Thanks for the tips, Tom.
>>
>> Here is the tcpdump -n output 
> 
> 
> Matt
> 
> I didn''t see anything wrong with that output except that it
appears that
> the SYN,ACK from your firewall isn''t reaching the client or is
being
> ignored by the client for some reason. What does a packet trace show on 
> the client system? Can you ping the client system from the firewall?
> 
> The bottom line is that it appears that your Firewall is doing the 
> correct thing.
> 
Any luck sorting this out Matt?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Possibly Parallel Threads

Search for more maybe matching threads

Shorewall users - Aug 2004 - more on troubles with dmz www server

more on troubles with dmz www server

Re: more on troubles with dmz www server

Re: more on troubles with dmz www server

Possibly Parallel Threads