Continuing saga of my --stupidity-- network problems
Alistair Tonner
Atonner@softhome.net
Mon, 3 Dec 2001 16:17:22 -0500
1) I apologize to the list as a whole ... I missed the obvious
extension to what
I was doing before ... (If one logs the inbound ... log the
outbound too!)
2) It appears the ACKS are actually getting in the door... but
*something* is going
awry once they are in ... and I suspect it's a combination of
my Linux and Winders
TCP stacks not agreeing on something ...
Snippet from debug during the transfer...
Dec 3 15:59:45 Ajftl1 proftpd[3232]: Ajftl1.Ajfthome.on.ca
(Shmq1.Ajfthome.on.ca[10.1.105.16]) - active data connection opened -
local : 10.1.105.45:20
Dec 3 15:59:45 Ajftl1 proftpd[3232]: Ajftl1.Ajfthome.on.ca
(Shmq1.Ajfthome.on.ca[10.1.105.16]) - active data connection opened -
remote : 10.1.105.16:1079
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=4744
PROTO=TCP SPT=21 DPT=1078 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=179 TOS=0x00 PREC=0x00 TTL=64 ID=8960
PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=8224
PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=18435 PROTO=TCP
SPT=1079 DPT=20 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=8224
PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=15665 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=14388 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=18947 PROTO=TCP
SPT=1078 DPT=21 WINDOW=7893 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45551 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=19203 PROTO=TCP
SPT=1079 DPT=20 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45553 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=17487 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=19459 PROTO=TCP
SPT=1079 DPT=20 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45550 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45549 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:45 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45552 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:46 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45557 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:46 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=19971 PROTO=TCP
SPT=1079 DPT=20 WINDOW=8192 RES=0x00 ACK URGP=0
Dec 3 15:59:46 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45559 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:46 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=45554 PROTO=TCP SPT=20 DPT=1079 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 15:59:46 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=20227 PROTO=TCP
SPT=1079 DPT=20 WINDOW=8192 RES=0x00 ACK URGP=0
Which whilst it doesn't look quite right to me ... is nevertheless
an indication that the ACKs are making it home.
it ends with a series as so ....
Dec 3 16:08:42 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=138 DPT=138 LEN=221
Dec 3 16:08:42 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT= MAC=
SRC=10.1.105.45 DST=10.1.105.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=138 DPT=138 LEN=221
Dec 3 16:08:42 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=138 DPT=138 LEN=215
Dec 3 16:08:42 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT= MAC=
SRC=10.1.105.45 DST=10.1.105.255 LEN=235 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=138 DPT=138 LEN=215
Dec 3 16:09:12 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:80:c8:df:b7:1e:08:00 SRC=10.1.105.20
DST=10.1.105.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=21248 PROTO=UDP
SPT=138 DPT=138 LEN=215
Dec 3 16:09:12 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.255 LEN=237 TOS=0x00 PREC=0x00 TTL=128 ID=39171 PROTO=UDP
SPT=138 DPT=138 LEN=217
Dec 3 16:09:42 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39427 PROTO=TCP
SPT=1080 DPT=21 WINDOW=7893 RES=0x00 ACK FIN URGP=0
Dec 3 16:09:42 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=13113
PROTO=TCP SPT=21 DPT=1080 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 16:09:48 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:80:c8:23:6e:8d:08:00 SRC=10.1.105.14
DST=10.1.105.255 LEN=233 TOS=0x00 PREC=0x00 TTL=32 ID=22784 PROTO=UDP
SPT=138 DPT=138 LEN=213
Dec 3 16:09:50 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=1500 TOS=0x00 PREC=0x00 TTL=64
ID=64781 PROTO=TCP SPT=20 DPT=1081 WINDOW=5840 RES=0x00 ACK URGP=0
Dec 3 16:09:50 Ajftl1 proftpd[3346]: Ajftl1.Ajfthome.on.ca
(Shmq1.Ajfthome.on.ca[10.1.105.16]) - Transfer aborted after 65536 bytes
in 236.87 seconds.
Dec 3 16:09:50 Ajftl1 proftpd[3346]: Ajftl1.Ajfthome.on.ca
(Shmq1.Ajfthome.on.ca[10.1.105.16]) - FTP session closed.
Dec 3 16:09:50 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39683 PROTO=TCP
SPT=1081 DPT=20 WINDOW=0 RES=0x00 RST URGP=0
Dec 3 16:09:50 Ajftl1 kernel: IPT OUTPUT START: IN= OUT=eth1
SRC=10.1.105.45 DST=10.1.105.16 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=64779
PROTO=TCP SPT=21 DPT=1080 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Dec 3 16:09:50 Ajftl1 kernel: IPT INPUT START: IN=eth1 OUT=
MAC=00:80:c8:df:de:46:00:80:c8:df:e0:54:08:00 SRC=10.1.105.16
DST=10.1.105.45 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=39939 PROTO=TCP
SPT=1080 DPT=21 WINDOW=0 RES=0x00 RST URGP=0
As you can see from the ftp stuff, it stomps on the connection.
Ajftl1=10.1.105.45
All I know from the above is that this isn't really an IPTABLES
problem, but a network issue. If someone here can see from all the
crap I've posted what the cause is, kindly beat me over the head
with it, in the meantime I'm back to digging in the networking
stuff.... or taking this all to work and dropping it on the guys
in networking there... (Hey. ... I'm just an weeny Systems Analyst man...
don;t know no networking stuff....)
In the meantime .. to avoid killing /var I'm turning off the debug
in proftpd, and the extra logging in the iptables...
it generates a crapload of data .....
My utmost thanks to any or all who care to assist...
Alistair Tonner.