Koozali.org: home of the SME Server

Weirdness connecting to some websites.

bigdaddy

Weirdness connecting to some websites.
« on: December 20, 2006, 02:52:05 AM »
Hi all, I am trying to debug the following problem:
When I have PC users on the LAN try to connect to "*.myspace.com",
there is a long wait, followed by the remote host sending a RST, and
then, even stranger, the SME Server here pushes out a "private
address", to which the router just baulks (I would expect). Does anyone
have any suggestions as to what might be going on? There are a couple
of other issues with a handful of websites, but this is my starting
point of investigation. TIA

Any help would be greatly appreciated.

A layout and packet trace are below. Specs on systems at very bottom.

(internet "bigpond.com")---[linux f/w router, rp-pppoe]---[NAT gateway "smeserver 7.0"]---LAN

[08:23:59*adriana*~]# tcpdump -lt -i ppp0 src or dst myspace.com | sed -f /usr/local/sbin/alias_hosts
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
IP mercedes.domain.name.3807 > profile.myspace.com.http: S 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
IP profile.myspace.com.http > mercedes.domain.name.3807: S 1232998668:1232998668(0) ack 2122816956 win 8190 <mss 1460>
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . 1:1453(1452) ack 1 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: P 1453:1651(198) ack 1 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: . ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 1:359(358) ack 1651 win 65535
IP profile.myspace.com.http > mercedes.domain.name.3807: P 7659:8693(1034) ack 1651 win 65535
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 359 win 65177
IP profile.myspace.com.http > mercedes.domain.name.3792: R 3780521494:3780521494(0) win 9700
IP mercedes.domain.name.3792 > profile.myspace.com.http: . ack 3780518574 win 65127
IP 192.168.1.194.3767 > profile.myspace.com.http: F 2416400228:2416400228(0) ack 1010363638 win 65127

IP profile.myspace.com.http > mercedes.domain.name.3805: R 1924194245:1924194245(0) win 9301
IP mercedes.domain.name.3767 > profile.myspace.com.http: . 2416400227:2416400228(1) ack 1010363638 win 65127
IP profile.myspace.com.http > mercedes.domain.name.3767: R 1010363638:1010363638(0) win 8201
IP profile.myspace.com.http > mercedes.domain.name.3807: R 1233007361:1233007361(0) win 9300
IP mercedes.domain.name.3807 > profile.myspace.com.http: . ack 359 win 65177

The router is kernel 2.6.18, with tc traffic shaping, and iptables.

[08:25:56*adriana*sbin]# iptables -n -L
Chain INPUT (policy DROP)
target     prot opt source               destination
INPUT_BLACKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x05/0x05
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x11/0x01
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x30/0x20
REJECT     all  --  0.0.0.0/0            224.0.0.0/4         reject-with icmp-port-unreachable
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     tcp  --  203.37.109.48/28     0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 limit: avg 1/min burst 2
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           limit: avg 150/min burst 280
DROP       udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  203.37.109.48/28     0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  203.37.109.48/28     0.0.0.0/0           tcp dpt:3000

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
BLACKLIST  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            203.37.109.51       tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            203.37.109.51       tcp dpt:80
DROP       all  --  0.0.0.0/0            203.37.109.49
DROP       tcp  -- !203.37.109.48/28     203.37.109.50       tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 limit: avg 1/min burst 2
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02 limit: avg 10/min burst 20
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 20/min burst 5
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state NEW

Chain BLACKLIST (1 references)
target     prot opt source               destination
DROP       all  --  124.115.33.0/24      0.0.0.0/0
DROP       all  --  124.5.62.0/24        0.0.0.0/0
[SNIP]

Chain INPUT_BLACKLIST (1 references)
target     prot opt source               destination
DROP       all  --  124.115.33.0/24      0.0.0.0/0
DROP       all  --  124.5.62.0/24        0.0.0.0/0
[SNIP]

[08:41:04*adriana*sbin]# tc -s -d qdisc ls dev ppp0
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0 ver 3.17
 Sent 69972760 bytes 284862 pkts (dropped 0, overlimits 139286 requeues 0)
 backlog 4p
qdisc sfq 10: parent 1:10 limit 128p quantum 1492b flows 128/1024 perturb 10sec
 Sent 8006284 bytes 168150 pkts (dropped 0, overlimits 0 requeues 0)
qdisc sfq 20: parent 1:20 limit 128p quantum 1492b flows 128/1024 perturb 10sec
 Sent 18680270 bytes 80832 pkts (dropped 0, overlimits 0 requeues 0)
 backlog 5488b 4p
qdisc sfq 30: parent 1:30 limit 128p quantum 1492b flows 128/1024 perturb 10sec
 Sent 43286206 bytes 35880 pkts (dropped 0, overlimits 0 requeues 0)
qdisc ingress ffff: ----------------
 Sent 367297236 bytes 378467 pkts (dropped 12609, overlimits 0 requeues 0)

The NAT gateway is a Mitel Networks "SME SERVER 7.0", with kernel
2.6.9-42.ELsmp

[root@mercedes ~]# iptables -n -L
Chain INPUT (policy DROP)
target     prot opt source               destination
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
InboundICMP  icmp --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0
InboundTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
InboundUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:67:68
gre-in     47   --  0.0.0.0/0            0.0.0.0/0
denylog    47   --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            216.178.32.137
ACCEPT     all  --  0.0.0.0/0            216.178.32.52
ACCEPT     all  --  0.0.0.0/0            216.178.32.51
ACCEPT     all  --  0.0.0.0/0            216.178.32.48
ACCEPT     all  --  0.0.0.0/0            216.178.32.49
ACCEPT     all  --  0.0.0.0/0            216.178.32.50
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
ForwardedTCP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02
ForwardedUDP  udp  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedTCP (1 references)
target     prot opt source               destination
ForwardedTCP_3155  all  --  0.0.0.0/0            0.0.0.0/0
denylog    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02

Chain ForwardedTCP_3155 (1 references)
target     prot opt source               destination

Chain ForwardedUDP (1 references)
target     prot opt source               destination
ForwardedUDP_3155  all  --  0.0.0.0/0            0.0.0.0/0
denylog    udp  --  0.0.0.0/0            0.0.0.0/0

Chain ForwardedUDP_3155 (1 references)
target     prot opt source               destination

Chain InboundICMP (1 references)
target     prot opt source               destination
InboundICMP_3155  all  --  0.0.0.0/0            0.0.0.0/0
denylog    icmp --  0.0.0.0/0            0.0.0.0/0

Chain InboundICMP_3155 (1 references)
target     prot
...

From:      alt.test...@gmail.com
Date:      Wed, Dec 20 2006 12:36 pm
Groups:    comp.protocols.tcp-ip

Further debug info: This was a specific connection where the "private
address" popped up on the gateway nic.

155: 192.168.1.182:50470 - collect.myspace.com:80 (kw2kx) 14>    0<  (reset)  (unidirectional)

[09:02:53*adriana*~]# tcptrace -r -l -o155 tcpdump.out
1 arg remaining, starting with 'tcpdump.out'
Ostermann's tcptrace -- version 6.6.7 -- Thu Nov  4, 2004

22658 packets seen, 22658 TCP packets traced
elapsed wallclock time: 0:01:04.028949, 353 pkts/sec analyzed
trace file elapsed time: 0:30:24.360635
TCP connection info:
1038 TCP connections traced:
================================
TCP connection 155:
        host kw:       192.168.1.182:50470
        host kx:       collect.myspace.com:80
        complete conn: RESET    (SYNs: 0)  (FINs: 1)
        first packet:  Mon Dec 18 13:57:31.525631 2006
        last packet:   Mon Dec 18 14:06:18.131586 2006
        elapsed time:  0:08:46.605955
        total packets: 14
        filename:      tcpdump.out
   kw->kx:                            kx->kw:
     total packets:            14           total packets:             0
     resets sent:               1           resets sent:               0
     ack pkts sent:            14           ack pkts sent:             0
     pure acks sent:            0           pure acks sent:            0
     sack pkts sent:            0           sack pkts sent:            0
     dsack pkts sent:           0           dsack pkts sent:           0
     max sack blks/ack:         0           max sack blks/ack:         0
     unique bytes sent:         0           unique bytes sent:         0
     actual data pkts:          0           actual data pkts:          0
     actual data bytes:         0           actual data bytes:         0
     rexmt data pkts:          12           rexmt data pkts:           0
     rexmt data bytes:         12           rexmt data bytes:          0
     zwnd probe pkts:           0           zwnd probe pkts:           0
     zwnd probe bytes:          0           zwnd probe bytes:          0
     outoforder pkts:           0           outoforder pkts:           0
     pushed data pkts:          0           pushed data pkts:          0
     SYN/FIN pkts sent:      0/13           SYN/FIN pkts sent:       0/0
     urgent data pkts:          0 pkts      urgent data pkts:          0 pkts
     urgent data bytes:         0 bytes     urgent data bytes:         0 bytes
     mss requested:             0 bytes     mss requested:             0 bytes
     max segm size:             0 bytes     max segm size:             0 bytes
     min segm size:             0 bytes     min segm size:             0 bytes
     avg segm size:             0 bytes     avg segm size:             0 bytes
     max win adv:           65535 bytes     max win adv:               0 bytes
     min win adv:           65535 bytes     min win adv:               0 bytes
     zero win adv:              0 times     zero win adv:              0 times
     avg win adv:           60853 bytes     avg win adv:               0 bytes
     initial window:            0 bytes     initial window:            0 bytes
     initial window:            0 pkts      initial window:            0 pkts
     ttl stream length:        NA           ttl stream length:        NA
     missed data:              NA           missed data:              NA
     truncated data:            0 bytes     truncated data:            0 bytes
     truncated packets:         0 pkts      truncated packets:         0 pkts
     data xmit time:        0.000 secs      data xmit time:        0.000 secs
     idletime max:        64030.0 ms        idletime max:             NA ms
     throughput:                0 Bps       throughput:                0 Bps

     RTT samples:               0           RTT samples:               0
     RTT min:                 0.0 ms        RTT min:                 0.0 ms
     RTT max:                 0.0 ms        RTT max:                 0.0 ms
     RTT avg:                 0.0 ms        RTT avg:                 0.0 ms
     RTT stdev:               0.0 ms        RTT stdev:               0.0 ms

     RTT from 3WHS:           0.0 ms        RTT from 3WHS:           0.0 ms

     RTT full_sz smpls:         0           RTT full_sz smpls:         0
     RTT full_sz min:         0.0 ms        RTT full_sz min:         0.0 ms
     RTT full_sz max:         0.0 ms        RTT full_sz max:         0.0 ms
     RTT full_sz avg:         0.0 ms        RTT full_sz avg:         0.0 ms
     RTT full_sz stdev:       0.0 ms        RTT full_sz stdev:       0.0 ms

     post-loss acks:            0           post-loss acks:            0
     segs cum acked:            0           segs cum acked:            0
     duplicate acks:            0           duplicate acks:            0
     triple dupacks:            0           triple dupacks:            0
     max # retrans:            12           max # retrans:             0
     min retr time:        1616.3 ms        min retr time:           0.0 ms
     max retr time:       64030.0 ms        max retr time:           0.0 ms
     avg retr time:       38548.3 ms        avg retr time:           0.0 ms
     sdv retr time:       27876.1 ms        sdv retr time:           0.0 ms
[09:04:03*adriana*~]#

This analysis was of a connection that was simply reset.

119: mercedes.domain.name:50447 - profile.myspace.com:80 (ic2id)  8>    8<  (reset)

[09:04:03*adriana*~]# tcptrace -r -l -o119 tcpdump.out
1 arg remaining, starting with 'tcpdump.out'
Ostermann's tcptrace -- version 6.6.7 -- Thu Nov  4, 2004

22658 packets seen, 22658 TCP packets traced
elapsed wallclock time: 0:00:16.901270, 1340 pkts/sec analyzed
trace file elapsed time: 0:30:24.360635
TCP connection info:
1038 TCP connections traced:
================================
TCP connection 119:
        host ic:       mercedes.futureentertainment.halcyon-infra.net:50447
        host id:       profile.myspace.com:80
        complete conn: RESET    (SYNs: 2)  (FINs: 1)
        first packet:  Mon Dec 18 13:54:31.337035 2006
        last packet:   Mon Dec 18 13:57:17.911409 2006
        elapsed time:  0:02:46.574373
        total packets: 16
        filename:      tcpdump.out
   ic->id:                            id->ic:
     total packets:             8           total packets:             8
     resets sent:               0           resets sent:               1
     ack pkts sent:             7           ack pkts sent:             7
     pure acks sent:            3           pure acks sent:            4
     sack pkts sent:            0           sack pkts sent:            0
     dsack pkts sent:           0           dsack pkts sent:           0
     max sack blks/ack:         0           max sack blks/ack:         0
     unique bytes sent:      2839           unique bytes sent:      1020
     actual data pkts:          3           actual data pkts:          2
     actual data bytes:      2839           actual data bytes:      1020
     rexmt data pkts:           0           rexmt data pkts:           0
     rexmt data bytes:          0           rexmt data bytes:          0
     zwnd probe pkts:           0           zwnd probe pkts:           0
     zwnd probe bytes:          0           zwnd probe bytes:          0
     outoforder pkts:           0           outoforder pkts:           0
     pushed data pkts:          1           pushed data pkts:          2
     SYN/FIN pkts sent:       1/1           SYN/FIN pkts sent:       1/0
     req 1323 ws/ts:          Y/Y           req 1323 ws/ts:          N/N
     adv wind scale:            0           adv wind scale:            0
     req sack:                  Y           req sack:                  N
     sacks sent:                0           sacks sent:                0
     urgent data pkts:          0 pkts      urgent data pkts:          0 pkts
     urgent data bytes:         0 bytes     urgent data bytes:         0 bytes
     mss requested:          1460 bytes     mss requested:          1460 bytes
     max segm size:          1452 bytes     max segm size:           731 bytes
     min segm size:             8 bytes     min segm size:           289 bytes
     avg segm size:           946 bytes     avg segm size:           509 bytes
     max win adv:           65535 bytes     max win adv:           65535 bytes
     min win adv:           65411 bytes     min win adv:            8190 bytes
     zero win adv:              0 times     zero win adv:              0 times
     avg win adv:           65519 bytes     avg win adv:           42303 bytes
     initial window:         1460 bytes     initial window:          289 bytes
     initial window:            2 pkts      initial window:            1 pkts
     ttl stream length:      2839 bytes     ttl stream length:        NA
     missed data:               0 bytes     missed data:              NA
     truncated data:            0 bytes     truncated data:            0 bytes
     truncated packets:         0 pkts      truncated packets:         0 pkts
     data xmit time:        0.257 secs      data xmit time:        0.072 secs
     idletime max:        22884.3 ms        idletime max:       141577.7 ms
     throughput:               17 Bps       throughput:                6 Bps

     RTT samples:               4           RTT samples:               2
     RTT min:               184.5 ms        RTT min:                 0.4 ms
     RTT max:               401.3 ms        RTT max:                 0.5 ms
     RTT avg:               272.2 ms        RTT avg:                 0.4 ms
     RTT stdev:              91.8 ms        RTT stdev:               0.0 ms

     RTT from 3WHS:         247.2 ms        RTT from 3WHS:           0.5 ms

     RTT full_sz smpls:         1           RTT full_sz smpls:         1
     RTT full_sz min:       401.3 ms        RTT full_sz min:         0.4 ms
     RTT full_sz max:       401.3 ms        RTT full_sz max:         0.4 ms
     RTT full_sz avg:       401.3 ms        RTT full_sz avg:         0.4 ms
     RTT full_sz stdev:       0.0 ms        RTT full_sz stdev:       0.0 ms

     post-loss acks:            0           post-loss acks:            0
     segs cum acked:            1           segs cum acked:            0
     duplicate acks:            0           duplicate acks:            1
     triple dupacks:            0           triple dupacks:            0
     max # retrans:             0           max # retrans:             0
     min retr time:           0.0 ms        min retr time:           0.0 ms
     max retr time:           0.0 ms        max retr time:           0.0 ms
     avg retr time:           0.0 ms        avg retr time:           0.0 ms
     sdv retr time:           0.0 ms        sdv retr time:           0.0 ms
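
An added example, not part of the original post: a Python script that scans `tcpdump -t` text captured on the WAN interface (ppp0 above) for packets whose source is still an RFC 1918 address, and pairs each one with the translated hostname seen on the same port pair. The sample lines are constructed from the trace above; the function names are hypothetical, and the pairing assumes NAT preserved the source port, as it did for port 3767 in the trace.

```python
import ipaddress
import re

# Constructed sample: four lines in the shape of the ppp0 trace in the post.
SAMPLE = """\
IP mercedes.domain.name.3807 > profile.myspace.com.http: S 2122816955:2122816955(0) win 65535 <mss 1460,nop,nop,sackOK>
IP profile.myspace.com.http > mercedes.domain.name.3792: R 3780521494:3780521494(0) win 9700
IP 192.168.1.194.3767 > profile.myspace.com.http: F 2416400228:2416400228(0) ack 1010363638 win 65127
IP profile.myspace.com.http > mercedes.domain.name.3767: R 1010363638:1010363638(0) win 8201
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# "IP host.port > host.port: FLAGS ..."; the port is the last dotted field.
LINE = re.compile(r"^IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): (\S+)")


def parse(line):
    """Return (src, sport, dst, dport, flags) for a tcpdump -t TCP line, else None."""
    m = LINE.match(line.strip())
    return m.groups() if m else None


def is_rfc1918(host):
    """True only for literal IPv4 addresses inside the RFC 1918 ranges."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # a resolved or aliased hostname, not an IP literal
        return False
    return any(addr in net for net in RFC1918)


def leaked_private_sources(text):
    """Packets seen on the WAN side whose source was never translated."""
    pkts = [p for p in map(parse, text.splitlines()) if p]
    return [p for p in pkts if is_rfc1918(p[0])]


def same_flow_translated(text):
    """Map each leaked (src, sport, dst, dport) to the public-side hosts that
    appear on the same port pair, i.e. the same flow while it was still NATed."""
    pkts = [p for p in map(parse, text.splitlines()) if p]
    out = {}
    for src, sport, dst, dport, _ in pkts:
        if not is_rfc1918(src):
            continue
        hosts = set()
        for s, sp, d, dp, _f in pkts:
            if (s, sp, dp) == (dst, dport, sport) and not is_rfc1918(d):
                hosts.add(d)   # reply direction, addressed to the NATed name
            elif (d, dp, sp) == (dst, dport, sport) and not is_rfc1918(s):
                hosts.add(s)   # forward direction, already translated
        out[(src, sport, dst, dport)] = hosts
    return out


if __name__ == "__main__":
    for pkt in leaked_private_sources(SAMPLE):
        print("un-NATed packet on WAN:", pkt)
    print(same_flow_translated(SAMPLE))
```
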

meanpenguin
Re: Weirdness connecting to some websites.
« Reply #1 on: December 27, 2006, 08:45:45 PM »
Quote from: "bigdaddy"

(internet "bigpond.com")---[linux f/w router, rp-pppoe]---[NAT gateway "smeserver 7.0"]---LAN


Not sure about your *.myspace.com problem.

But why are you using [linux f/w router, rp-pppoe] in front of the SME?
Either use
    SME7 in Server/Gateway mode w/o your linux f/w, or
    linux f/w and use SME7 in Server only mode

Ed