[Bug 443] New: 2.6 kernel failing in NAT with significant outbound traffic

bugzilla-daemon at bugzilla.netfilter.org
Wed Feb 8 05:32:52 CET 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443

           Summary: 2.6 kernel failing in NAT with significant outbound
                    traffic
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: i386
        OS/Version: All
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: NAT
        AssignedTo: laforge at netfilter.org
        ReportedBy: nothingel at hotmail.com


the following do NOT exhibit the problem:

knoppix 3.3 (kernel 2.4.22-xfs)
either eepro100 or e100 drivers for the Intel card


the following DO exhibit the problem:

knoppix 4.0.2 (2.6.12)
Fedora Core 4 (stock kernel)
Fedora Core 4 (2.6.15-1.1830_FC4smp, iptables v1.3.0)
both eepro100 and e100 drivers for Intel
random 3com card found and used with knoppix 4.0.2


configuration of iptables:

2.4 kernel (see above) works in either pure routing (no NAT) or with MASQUERADE
or SNAT

2.6.x kernels (see above for exact) ONLY work when using pure routing and NO
MASQUERADING or SNAT'ting is performed.

rule used for testing:
SNAT       all  --  172.30.32.58         0.0.0.0/0           to:172.30.32.55



the scenario:

client1 (internal IP: 172.30.32.58)
linux1 (172.30.32.55, seen as 200.79.245.55 on the Internet due to an upstream NAT)
internetserver1 (80.140.102.163)

please note that all external IPs have been altered to protect the innocent/guilty.

If linux1 performs MASQUERADING or SNAT on any packets passing through it
TO/FROM the internet, the following situation is observed:

1) data being RETRIEVED from the Internet works as expected.  100+mb of data has
been tested.

2) data being PUSHED to the Internet will fail after a variable (but typically
small) amount of data has been sent.

The common testing scenario has been an FTP server running on internetserver1. 
Data can be retrieved via linux1 without problems.  However, data cannot be
pushed.  The connection dies after approximately 100k has been transmitted.

If the above conditions are converted into pure routing (no NAT involved on
linux1 and all iptables rules removed), then data can be pushed or retrieved
without trouble.

If linux1 acts as a client only, data can be sent/received as expected.

If the above scenario is converted whereby the "internetserver" is actually just
another host on the same LAN segment as linux1 (i.e. no other routers involved)
then the problem is NOT observed.

The situation basically boils down to SNAT or MASQUERADING being used on linux1
and data is being SENT to the Internet via one or more upstream routers/NATs.

The upstream router/firewall for linux1 is various Cisco Equipment.  I do know
at least one PIX is involved and is probably responsible for the final NAT
before hitting the Internet.  All upstream routing devices are outside of my
control.  Furthermore, I cannot place a device further upstream for sniffing or
testing.  I strongly suspect that the upstream equipment is altering the
packets somehow but, as I said, I cannot test further.


I am providing summary tcpdump outputs from the various points:

seen on client1:

      1 0.000000    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324137529 TSER=0 WS=2
      2 2.999436    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=23360 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
      3 3.048296    80.140.102.163        172.30.32.58          TCP      ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95155516 TSER=324140529
WS=0
      4 3.048354    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
      5 3.166436    80.140.102.163        172.30.32.58          FTP     
Response: 220 FTP server ready.
      6 3.166527    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=24 Win=5840 Len=0 TSV=324140696 TSER=95155530
      7 3.166765    172.30.32.58          80.140.102.163        FTP     
Request: AUTH GSSAPI
      8 3.218776    80.140.102.163        172.30.32.58          TCP      ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
      9 3.226570    80.140.102.163        172.30.32.58          FTP     
Response: 504 AUTH GSSAPI not supported.
     10 3.226659    172.30.32.58          80.140.102.163        FTP     
Request: AUTH KERBEROS_V4
     11 3.262592    80.140.102.163        172.30.32.58          FTP     
Response: 504 AUTH KERBEROS_V4 not supported.
     12 3.309366    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
     13 4.030022    172.30.32.58          80.140.102.163        FTP     
Request: USER test1
     14 4.063330    80.140.102.163        172.30.32.58          FTP     
Response: 331 Password required for test1.
     15 4.063379    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
     16 4.716292    172.30.32.58          80.140.102.163        FTP     
Request: PASS test1
     17 4.764072    80.140.102.163        172.30.32.58          FTP     
Response: 230 User test1 logged in.  Access restrictions apply.
     18 4.764138    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
     19 4.764236    172.30.32.58          80.140.102.163        FTP     
Request: SYST
     20 4.798225    80.140.102.163        172.30.32.58          FTP     
Response: 215 UNIX Type: L8
     21 4.842131    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
     22 5.267008    172.30.32.58          80.140.102.163        FTP     
Request: TYPE I
     23 5.292612    80.140.102.163        172.30.32.58          FTP     
Response: 200 Type set to I.
     24 5.292663    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
     25 9.196991    172.30.32.58          80.140.102.163        FTP     
Request: PASV
     26 9.234872    80.140.102.163        172.30.32.58          FTP     
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
     27 9.234925    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
     28 9.235119    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
     29 9.257155    80.140.102.163        172.30.32.58          TCP      21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95156139 TSER=324146765
WS=0
     30 9.257178    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
     31 9.257229    172.30.32.58          80.140.102.163        FTP     
Request: STOR test5.rar
     32 9.281767    80.140.102.163        172.30.32.58          FTP     
Response: 150 Opening BINARY mode data connection for test5.rar.
     33 9.282102    172.30.32.58          80.140.102.163        FTP-DATA FTP
Data: 1368 bytes
     34 9.282119    172.30.32.58          80.140.102.163        FTP-DATA FTP
Data: 1368 bytes
     35 9.321453    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
     36 9.342892    80.140.102.163        172.30.32.58          FTP     
Response: 426 Data Connection: Connection reset by peer.
     37 9.342922    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
     38 9.503426    172.30.32.58          80.140.102.163        FTP-DATA [TCP
Retransmission] FTP Data: 1368 bytes
     39 9.506474    80.140.102.163        172.30.32.58          TCP      21522 >
60176 [RST, ACK] Seq=1 Ack=1 Win=1460 Len=1368 TSV=324147034 TSER=95156139
     40 10.826305   172.30.32.58          80.140.102.163        FTP     
Request: QUIT
     41 10.853717   80.140.102.163        172.30.32.58          FTP     
Response: 221-You have transferred 0 bytes in 0 files.
     42 10.853774   172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
     43 10.880857   80.140.102.163        172.30.32.58          FTP     
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
     44 10.881060   172.30.32.58          80.140.102.163        TCP      33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
     45 10.915571   80.140.102.163        172.30.32.58          TCP      ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411

seen on linux1 (entering box):

      1 0.000000    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324137529 TSER=0 WS=2
      2 2.999701    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=23360 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
      3 3.049680    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=0 Win=5840 Len=0 TSV=324140577 TSER=95155516
      4 3.166794    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=23 Win=5840 Len=0 TSV=324140696 TSER=95155530
      5 3.168104    172.30.32.58          80.140.102.163        FTP     
Request: AUTH GSSAPI
      6 3.226935    172.30.32.58          80.140.102.163        FTP     
Request: AUTH KERBEROS_V4
      7 3.309649    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=32 Ack=92 Win=5840 Len=0 TSV=324140839 TSER=95155540
      8 4.031426    172.30.32.58          80.140.102.163        FTP     
Request: USER test1
      9 4.064772    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=44 Ack=126 Win=5840 Len=0 TSV=324141593 TSER=95155620
     10 4.716676    172.30.32.58          80.140.102.163        FTP     
Request: PASS test1
     11 4.764610    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=56 Ack=181 Win=5840 Len=0 TSV=324142293 TSER=95155690
     12 4.764642    172.30.32.58          80.140.102.163        FTP     
Request: SYST
     13 4.842510    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=62 Ack=200 Win=5840 Len=0 TSV=324142372 TSER=95155693
     14 5.268488    172.30.32.58          80.140.102.163        FTP     
Request: TYPE I
     15 5.293071    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=70 Ack=220 Win=5840 Len=0 TSV=324142822 TSER=95155743
     16 9.198730    172.30.32.58          80.140.102.163        FTP     
Request: PASV
     17 9.235779    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=76 Ack=270 Win=5840 Len=0 TSV=324146765 TSER=95156137
     18 9.235811    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
     19 9.257893    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1 Ack=0 Win=5840 Len=0 TSV=324146787 TSER=95156139
     20 9.257925    172.30.32.58          80.140.102.163        FTP     
Request: STOR test5.rar
     21 9.283230    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1 Ack=0 Win=5840 Len=1368 TSV=324146812 TSER=95156139
     22 9.283238    172.30.32.58          80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1369 Ack=0 Win=5840 Len=1368 TSV=324146812 TSER=95156139
     23 9.323192    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=326 Win=5840 Len=0 TSV=324146852 TSER=95156142
     24 9.344653    172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=374 Win=5840 Len=0 TSV=324146873 TSER=95156148
     25 9.504455    172.30.32.58          80.140.102.163        TCP      [TCP
Retransmission] 60176 > 21522 [ACK] Seq=1 Ack=0 Win=5840 Len=1368 TSV=324147034
TSER=95156139
     26 10.827080   172.30.32.58          80.140.102.163        FTP     
Request: QUIT
     27 10.854540   172.30.32.58          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=98 Ack=420 Win=5840 Len=0 TSV=324148384 TSER=95156299
     28 10.881827   172.30.32.58          80.140.102.163        TCP      33265 >
ftp [FIN, ACK] Seq=98 Ack=567 Win=5840 Len=0 TSV=324148411 TSER=95156300


seen on linux1 (leaving box):

      1 0.000000    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
      2 0.048608    80.140.102.163        172.30.32.55          TCP      ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95155516 TSER=324140529
WS=0
      3 0.049949    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
      4 0.166765    80.140.102.163        172.30.32.55          FTP     
Response: 220 FTP server ready.
      5 0.168354    172.30.32.55          80.140.102.163        FTP     
Request: AUTH GSSAPI
      6 0.219105    80.140.102.163        172.30.32.55          TCP      ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
      7 0.226903    80.140.102.163        172.30.32.55          FTP     
Response: 504 AUTH GSSAPI not supported.
      8 0.227172    172.30.32.55          80.140.102.163        FTP     
Request: AUTH KERBEROS_V4
      9 0.262925    80.140.102.163        172.30.32.55          FTP     
Response: 504 AUTH KERBEROS_V4 not supported.
     10 0.309887    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
     11 1.031675    172.30.32.55          80.140.102.163        FTP     
Request: USER test1
     12 1.063712    80.140.102.163        172.30.32.55          FTP     
Response: 331 Password required for test1.
     13 1.065000    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
     14 1.716924    172.30.32.55          80.140.102.163        FTP     
Request: PASS test1
     15 1.764492    80.140.102.163        172.30.32.55          FTP     
Response: 230 User test1 logged in.  Access restrictions apply.
     16 1.764838    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
     17 1.764866    172.30.32.55          80.140.102.163        FTP     
Request: SYST
     18 1.798661    80.140.102.163        172.30.32.55          FTP     
Response: 215 UNIX Type: L8
     19 1.842740    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
     20 2.268725    172.30.32.55          80.140.102.163        FTP     
Request: TYPE I
     21 2.293079    80.140.102.163        172.30.32.55          FTP     
Response: 200 Type set to I.
     22 2.293303    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
     23 6.198975    172.30.32.55          80.140.102.163        FTP     
Request: PASV
     24 6.235586    80.140.102.163        172.30.32.55          FTP     
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
     25 6.236007    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
     26 6.236054    172.30.32.55          80.140.102.163        TCP      60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
     27 6.257882    80.140.102.163        172.30.32.55          TCP      21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95156139 TSER=324146765
WS=0
     28 6.258121    172.30.32.55          80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
     29 6.258148    172.30.32.55          80.140.102.163        FTP     
Request: STOR test5.rar
     30 6.282483    80.140.102.163        172.30.32.55          FTP     
Response: 150 Opening BINARY mode data connection for test5.rar.
     31 6.283487    172.30.32.55          80.140.102.163        FTP-DATA [TCP
Previous segment lost] FTP Data: 1368 bytes
     32 6.313056    80.140.102.163        172.30.32.55          TCP      [TCP
Dup ACK 27#1] 21522 > 60176 [ACK] Seq=1 Ack=1 Win=5792 Len=0 TSV=95156145
TSER=324146787 SLE=155600568 SRE=155601936
     33 6.313092    172.30.32.55          80.140.102.163        TCP      60176 >
21522 [RST] Seq=1 Ack=3689136634 Win=0 Len=0
     34 6.323420    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
     35 6.343613    80.140.102.163        172.30.32.55          FTP     
Response: 426 Data Connection: Connection reset by peer.
     36 6.344880    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
     37 6.504718    172.30.32.55          80.140.102.163        FTP-DATA [TCP
Retransmission] FTP Data: 1368 bytes
     38 6.506858    80.140.102.163        172.30.32.55          TCP      21522 >
60176 [RST, ACK] Seq=1 Ack=1 Win=1460 Len=1368 TSV=324147034 TSER=95156139
     39 7.827324    172.30.32.55          80.140.102.163        FTP     
Request: QUIT
     40 7.854532    80.140.102.163        172.30.32.55          FTP     
Response: 221-You have transferred 0 bytes in 0 files.
     41 7.854767    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
     42 7.881652    80.140.102.163        172.30.32.55          FTP     
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
     43 7.882056    172.30.32.55          80.140.102.163        TCP      33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
     44 7.916396    80.140.102.163        172.30.32.55          TCP      ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411


seen on internetserver1:

      1 0.000000    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380 TSV=324140529 TSER=0 WS=2
      2 0.000276    80.140.102.163        200.79.245.55         TCP      ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=95155516 TSER=324140529
WS=0
      3 0.050324    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
      4 0.135774    80.140.102.163        200.79.245.55         FTP     
Response: 220 FTP server ready.
      5 0.170051    200.79.245.55         80.140.102.163        FTP     
Request: AUTH GSSAPI
      6 0.170294    80.140.102.163        200.79.245.55         TCP      ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
      7 0.170714    80.140.102.163        200.79.245.55         FTP     
Response: 504 AUTH GSSAPI not supported.
      8 0.230611    200.79.245.55         80.140.102.163        FTP     
Request: AUTH KERBEROS_V4
      9 0.230888    80.140.102.163        200.79.245.55         FTP     
Response: 504 AUTH KERBEROS_V4 not supported.
     10 0.308042    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
     11 1.031746    200.79.245.55         80.140.102.163        FTP     
Request: USER test1
     12 1.034460    80.140.102.163        200.79.245.55         FTP     
Response: 331 Password required for test1.
     13 1.060843    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
     14 1.713898    200.79.245.55         80.140.102.163        FTP     
Request: PASS test1
     15 1.735585    80.140.102.163        200.79.245.55         FTP     
Response: 230 User test1 logged in.  Access restrictions apply.
     16 1.762264    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
     17 1.768369    200.79.245.55         80.140.102.163        FTP     
Request: SYST
     18 1.768626    80.140.102.163        200.79.245.55         FTP     
Response: 215 UNIX Type: L8
     19 1.850271    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
     20 2.263193    200.79.245.55         80.140.102.163        FTP     
Request: TYPE I
     21 2.263488    80.140.102.163        200.79.245.55         FTP     
Response: 200 Type set to I.
     22 2.299187    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
     23 6.204944    200.79.245.55         80.140.102.163        FTP     
Request: PASV
     24 6.205673    80.140.102.163        200.79.245.55         FTP     
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
     25 6.228282    200.79.245.55         80.140.102.163        TCP      60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380 TSV=324146765 TSER=0 WS=2
     26 6.228420    80.140.102.163        200.79.245.55         TCP      21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=95156139 TSER=324146765
WS=0
     27 6.233944    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
     28 6.249245    200.79.245.55         80.140.102.163        TCP      60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
     29 6.249369    200.79.245.55         80.140.102.163        FTP     
Request: STOR test5.rar
     30 6.251415    80.140.102.163        200.79.245.55         FTP     
Response: 150 Opening BINARY mode data connection for test5.rar.
     31 6.282780    200.79.245.55         80.140.102.163        FTP-DATA [TCP
Previous segment lost] FTP Data: 1368 bytes
     32 6.283268    80.140.102.163        200.79.245.55         TCP      [TCP
Dup ACK 26#1] 21522 > 60176 [ACK] Seq=1 Ack=1 Win=5792 Len=0 TSV=95156145
TSER=324146787 SLE=1369 SRE=2737
     33 6.307168    200.79.245.55         80.140.102.163        TCP      60176 >
21522 [RST] Seq=1 Ack=3689136634 Win=0 Len=0
     34 6.313328    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
     35 6.313533    80.140.102.163        200.79.245.55         FTP     
Response: 426 Data Connection: Connection reset by peer.
     36 6.335303    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
     37 7.824535    200.79.245.55         80.140.102.163        FTP     
Request: QUIT
     38 7.824888    80.140.102.163        200.79.245.55         FTP     
Response: 221-You have transferred 0 bytes in 0 files.
     39 7.834506    80.140.102.163        200.79.245.55         FTP     
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
     40 7.854720    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
     41 7.886283    200.79.245.55         80.140.102.163        TCP      33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
     42 7.886384    80.140.102.163        200.79.245.55         TCP      ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411



The problem seems to show up around "TCP Previous segment lost."  The MSS seems
to change between the initial handshaking between linux1-out and internetserver1.

finally, before considering this situation too rogue, please keep in mind that
the above "problem" is not seen on kernel 2.4.22.

The actual dumps can be provided upon request.  Hands-on testing can also
be arranged.

-- 
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
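
The report compares one FTP data connection at several capture points and notes that the MSS changes between them. The following is an added example, not part of the original report or of netfilter: it parses the data-connection lines from those traces and lists every TCP field that differs between capture points. The function names and the re-joined sample lines are assumptions of this example.

```python
import re

# Constructed input: data-connection lines (ports 60176/21522) taken from the
# report's traces, re-joined onto one line each (the mail wrapped them) and
# with the frame reference dropped from the "Dup ACK" label.
SYN = "60176 > 21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS={} TSV=324146765 TSER=0 WS=2"
SYNACK = ("21522 > 60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS={} "
          "TSV=95156139 TSER=324146765 WS=0")
DUPACK = ("[TCP Dup ACK] 21522 > 60176 [ACK] Seq=1 Ack=1 Win=5792 Len=0 "
          "TSV=95156145 TSER=324146787 SLE={} SRE={}")
TRACES = {
    "client1": [SYN.format(1460), SYNACK.format(1380)],
    "linux1 (leaving box)": [SYN.format(1460), SYNACK.format(1380),
                             DUPACK.format(155600568, 155601936)],
    "internetserver1": [SYN.format(1380), SYNACK.format(1460),
                        DUPACK.format(1369, 2737)],
}

HEAD_RE = re.compile(r"(\d+) > (\d+) \[([A-Z, ]+)\]")
FIELD_RE = re.compile(r"\b([A-Za-z]+)=(\d+)")


def parse(line):
    """Turn one summary line into a dict of ports, flags and numeric fields."""
    m = HEAD_RE.search(line)
    if m is None:
        raise ValueError("not a TCP summary line: %r" % line)
    pkt = {k: int(v) for k, v in FIELD_RE.findall(line)}
    pkt["sport"], pkt["dport"] = int(m[1]), int(m[2])
    pkt["flags"] = tuple(f.strip() for f in m[3].split(","))
    return pkt


def mss_by_point(traces, flags):
    """MSS carried by the segment with exactly these flags, per capture point."""
    return {point: pkt["MSS"]
            for point, lines in traces.items()
            for pkt in map(parse, lines)
            if pkt["flags"] == flags and "MSS" in pkt}


def sack_by_point(traces):
    """(SLE, SRE) of the SACK block seen at each capture point, if any."""
    return {point: (pkt["SLE"], pkt["SRE"])
            for point, lines in traces.items()
            for pkt in map(parse, lines)
            if "SLE" in pkt}


def sack_shift(a, b):
    """Constant offset between two SACK blocks, or None if their widths differ."""
    if a[1] - a[0] != b[1] - b[0]:
        return None
    return a[0] - b[0]


def compare(traces):
    """List (label, per-point values) for every field that is not identical."""
    findings = []
    for flags in (("SYN",), ("SYN", "ACK")):
        mss = mss_by_point(traces, flags)
        if len(set(mss.values())) > 1:
            findings.append(("MSS in " + "+".join(flags), mss))
    sack = sack_by_point(traces)
    if len(set(sack.values())) > 1:
        findings.append(("SACK edges", sack))
    return findings


if __name__ == "__main__":
    for label, values in compare(TRACES):
        print(label, values)
```

Both SACK blocks span 1368 bytes, the length of the FTP data segments, and differ by a constant offset between the two capture points.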


