[Bug 443] New: 2.6 kernel failing in NAT with significant outbound
traffic
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Wed Feb 8 05:32:52 CET 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443
Summary: 2.6 kernel failing in NAT with significant outbound
traffic
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: All
Status: NEW
Severity: blocker
Priority: P2
Component: NAT
AssignedTo: laforge at netfilter.org
ReportedBy: nothingel at hotmail.com
the following do NOT exhibit the problem:
knoppix 3.3 (kernel 2.4.22-xfs)
either eepro100 or e100 drivers for the Intel card
the following DO exhibit the problem:
knoppix 4.0.2 (2.6.12)
Fedora Core 4 (stock kernel)
Fedora Core 4 (2.6.15-1.1830_FC4smp, iptables v1.3.0)
both eepro100 and e100 drivers for Intel
random 3com card found and used with knoppix 4.0.2
configuration of iptables:
2.4 kernel (see above) works in either pure routing (no NAT) or with MASQUERADE
or SNAT
2.6.x kernels (see above for exact) ONLY work when using pure routing and NO
MASQUERADING or SNAT'ting is performed.
rule used for testing:
SNAT all -- 172.30.32.58 0.0.0.0/0 to:172.30.32.55
the scenario:
client1 (internal IP: 172.30.32.58)
linux1 (172.30.32.55, seen as 200.79.245.55 on the Internet due to an upstream NAT)
internetserver1 (80.140.102.163)
please note that all external IPs have been altered to protect the innocent/guilty.
If linux1 performs MASQUERADING or SNAT or any packets passing through it
TO/FROM the internet, the following situation is observed:
1) data being RETREIVED from the Internet works as expected. 100+mb of data has
been tested.
2) data being PUSHED to the Internet will fail after a variable (but typically
small) amount of data has been sent.
The common testing scenario has been an FTP server running on internetserver1.
Data can be retreived via linux1 without problems. However, data cannot be
pushed. The connection dies after approximately 100k has been transmitted.
If the above conditions are converted into pure routing (no NAT involved on
linux1 and all iptables rules removed), then data can be pushed or retrieved
without trouble.
If linux1 acts as a client only, data can be sent/received as expected.
If the above scenario is converted whereby the "internetserver" is actually just
another host on the same LAN segment as linux1 (i.e. no other routers involved)
then the problem is NOT observed.
The situation basically boils down to SNAT or MASQUERADING being used on linux1
and data is being SENT to the Internet via one or more upstream routers/NATs
The upstream router/firewall for linux1 is various Cisco Equipment. I do know
at least one PIX is involved and is probably responsible for the final NAT
before hitting the Internet. All upstream routing devices are outside of my
control. Furthermore, I cannot place a device further upstream for sniffing or
testing. I strongly suspect that the upstream equipment are altering the
packets somehow but, as I said, I cannot test further.
I am providing summary tcpdump outputs from the various points:
seen on client1:
1 0.000000 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324137529 TSER=0 WS=2
2 2.999436 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=23360 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
3 3.048296 80.140.102.163 172.30.32.58 TCP ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95155516 TSER=324140529
WS=0
4 3.048354 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
5 3.166436 80.140.102.163 172.30.32.58 FTP
Response: 220 FTP server ready.
6 3.166527 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=24 Win=5840 Len=0 TSV=324140696 TSER=95155530
7 3.166765 172.30.32.58 80.140.102.163 FTP
Request: AUTH GSSAPI
8 3.218776 80.140.102.163 172.30.32.58 TCP ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
9 3.226570 80.140.102.163 172.30.32.58 FTP
Response: 504 AUTH GSSAPI not supported.
10 3.226659 172.30.32.58 80.140.102.163 FTP
Request: AUTH KERBEROS_V4
11 3.262592 80.140.102.163 172.30.32.58 FTP
Response: 504 AUTH KERBEROS_V4 not supported.
12 3.309366 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
13 4.030022 172.30.32.58 80.140.102.163 FTP
Request: USER test1
14 4.063330 80.140.102.163 172.30.32.58 FTP
Response: 331 Password required for test1.
15 4.063379 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
16 4.716292 172.30.32.58 80.140.102.163 FTP
Request: PASS test1
17 4.764072 80.140.102.163 172.30.32.58 FTP
Response: 230 User test1 logged in. Access restrictions apply.
18 4.764138 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
19 4.764236 172.30.32.58 80.140.102.163 FTP
Request: SYST
20 4.798225 80.140.102.163 172.30.32.58 FTP
Response: 215 UNIX Type: L8
21 4.842131 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
22 5.267008 172.30.32.58 80.140.102.163 FTP
Request: TYPE I
23 5.292612 80.140.102.163 172.30.32.58 FTP
Response: 200 Type set to I.
24 5.292663 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
25 9.196991 172.30.32.58 80.140.102.163 FTP
Request: PASV
26 9.234872 80.140.102.163 172.30.32.58 FTP
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
27 9.234925 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
28 9.235119 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
29 9.257155 80.140.102.163 172.30.32.58 TCP 21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95156139 TSER=324146765
WS=0
30 9.257178 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
31 9.257229 172.30.32.58 80.140.102.163 FTP
Request: STOR test5.rar
32 9.281767 80.140.102.163 172.30.32.58 FTP
Response: 150 Opening BINARY mode data connection for test5.rar.
33 9.282102 172.30.32.58 80.140.102.163 FTP-DATA FTP
Data: 1368 bytes
34 9.282119 172.30.32.58 80.140.102.163 FTP-DATA FTP
Data: 1368 bytes
35 9.321453 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
36 9.342892 80.140.102.163 172.30.32.58 FTP
Response: 426 Data Connection: Connection reset by peer.
37 9.342922 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
38 9.503426 172.30.32.58 80.140.102.163 FTP-DATA [TCP
Retransmission] FTP Data: 1368 bytes
39 9.506474 80.140.102.163 172.30.32.58 TCP 21522 >
60176 [RST, ACK] Seq=1 Ack=1 Win=1460 Len=1368 TSV=324147034 TSER=95156139
40 10.826305 172.30.32.58 80.140.102.163 FTP
Request: QUIT
41 10.853717 80.140.102.163 172.30.32.58 FTP
Response: 221-You have transferred 0 bytes in 0 files.
42 10.853774 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
43 10.880857 80.140.102.163 172.30.32.58 FTP
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
44 10.881060 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
45 10.915571 80.140.102.163 172.30.32.58 TCP ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411
seen on linux1 (entering box):
1 0.000000 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324137529 TSER=0 WS=2
2 2.999701 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=23360 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
3 3.049680 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=0 Win=5840 Len=0 TSV=324140577 TSER=95155516
4 3.166794 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=23 Win=5840 Len=0 TSV=324140696 TSER=95155530
5 3.168104 172.30.32.58 80.140.102.163 FTP
Request: AUTH GSSAPI
6 3.226935 172.30.32.58 80.140.102.163 FTP
Request: AUTH KERBEROS_V4
7 3.309649 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=32 Ack=92 Win=5840 Len=0 TSV=324140839 TSER=95155540
8 4.031426 172.30.32.58 80.140.102.163 FTP
Request: USER test1
9 4.064772 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=44 Ack=126 Win=5840 Len=0 TSV=324141593 TSER=95155620
10 4.716676 172.30.32.58 80.140.102.163 FTP
Request: PASS test1
11 4.764610 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=56 Ack=181 Win=5840 Len=0 TSV=324142293 TSER=95155690
12 4.764642 172.30.32.58 80.140.102.163 FTP
Request: SYST
13 4.842510 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=62 Ack=200 Win=5840 Len=0 TSV=324142372 TSER=95155693
14 5.268488 172.30.32.58 80.140.102.163 FTP
Request: TYPE I
15 5.293071 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=70 Ack=220 Win=5840 Len=0 TSV=324142822 TSER=95155743
16 9.198730 172.30.32.58 80.140.102.163 FTP
Request: PASV
17 9.235779 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=76 Ack=270 Win=5840 Len=0 TSV=324146765 TSER=95156137
18 9.235811 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
19 9.257893 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1 Ack=0 Win=5840 Len=0 TSV=324146787 TSER=95156139
20 9.257925 172.30.32.58 80.140.102.163 FTP
Request: STOR test5.rar
21 9.283230 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1 Ack=0 Win=5840 Len=1368 TSV=324146812 TSER=95156139
22 9.283238 172.30.32.58 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1369 Ack=0 Win=5840 Len=1368 TSV=324146812 TSER=95156139
23 9.323192 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=326 Win=5840 Len=0 TSV=324146852 TSER=95156142
24 9.344653 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=374 Win=5840 Len=0 TSV=324146873 TSER=95156148
25 9.504455 172.30.32.58 80.140.102.163 TCP [TCP
Retransmission] 60176 > 21522 [ACK] Seq=1 Ack=0 Win=5840 Len=1368 TSV=324147034
TSER=95156139
26 10.827080 172.30.32.58 80.140.102.163 FTP
Request: QUIT
27 10.854540 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=98 Ack=420 Win=5840 Len=0 TSV=324148384 TSER=95156299
28 10.881827 172.30.32.58 80.140.102.163 TCP 33265 >
ftp [FIN, ACK] Seq=98 Ack=567 Win=5840 Len=0 TSV=324148411 TSER=95156300
seen on linux1 (leaving box):
1 0.000000 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324140529 TSER=0 WS=2
2 0.048608 80.140.102.163 172.30.32.55 TCP ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95155516 TSER=324140529
WS=0
3 0.049949 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
4 0.166765 80.140.102.163 172.30.32.55 FTP
Response: 220 FTP server ready.
5 0.168354 172.30.32.55 80.140.102.163 FTP
Request: AUTH GSSAPI
6 0.219105 80.140.102.163 172.30.32.55 TCP ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
7 0.226903 80.140.102.163 172.30.32.55 FTP
Response: 504 AUTH GSSAPI not supported.
8 0.227172 172.30.32.55 80.140.102.163 FTP
Request: AUTH KERBEROS_V4
9 0.262925 80.140.102.163 172.30.32.55 FTP
Response: 504 AUTH KERBEROS_V4 not supported.
10 0.309887 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
11 1.031675 172.30.32.55 80.140.102.163 FTP
Request: USER test1
12 1.063712 80.140.102.163 172.30.32.55 FTP
Response: 331 Password required for test1.
13 1.065000 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
14 1.716924 172.30.32.55 80.140.102.163 FTP
Request: PASS test1
15 1.764492 80.140.102.163 172.30.32.55 FTP
Response: 230 User test1 logged in. Access restrictions apply.
16 1.764838 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
17 1.764866 172.30.32.55 80.140.102.163 FTP
Request: SYST
18 1.798661 80.140.102.163 172.30.32.55 FTP
Response: 215 UNIX Type: L8
19 1.842740 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
20 2.268725 172.30.32.55 80.140.102.163 FTP
Request: TYPE I
21 2.293079 80.140.102.163 172.30.32.55 FTP
Response: 200 Type set to I.
22 2.293303 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
23 6.198975 172.30.32.55 80.140.102.163 FTP
Request: PASV
24 6.235586 80.140.102.163 172.30.32.55 FTP
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
25 6.236007 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
26 6.236054 172.30.32.55 80.140.102.163 TCP 60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=324146765 TSER=0 WS=2
27 6.257882 80.140.102.163 172.30.32.55 TCP 21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1380 TSV=95156139 TSER=324146765
WS=0
28 6.258121 172.30.32.55 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
29 6.258148 172.30.32.55 80.140.102.163 FTP
Request: STOR test5.rar
30 6.282483 80.140.102.163 172.30.32.55 FTP
Response: 150 Opening BINARY mode data connection for test5.rar.
31 6.283487 172.30.32.55 80.140.102.163 FTP-DATA [TCP
Previous segment lost] FTP Data: 1368 bytes
32 6.313056 80.140.102.163 172.30.32.55 TCP [TCP
Dup ACK 27#1] 21522 > 60176 [ACK] Seq=1 Ack=1 Win=5792 Len=0 TSV=95156145
TSER=324146787 SLE=155600568 SRE=155601936
33 6.313092 172.30.32.55 80.140.102.163 TCP 60176 >
21522 [RST] Seq=1 Ack=3689136634 Win=0 Len=0
34 6.323420 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
35 6.343613 80.140.102.163 172.30.32.55 FTP
Response: 426 Data Connection: Connection reset by peer.
36 6.344880 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
37 6.504718 172.30.32.55 80.140.102.163 FTP-DATA [TCP
Retransmission] FTP Data: 1368 bytes
38 6.506858 80.140.102.163 172.30.32.55 TCP 21522 >
60176 [RST, ACK] Seq=1 Ack=1 Win=1460 Len=1368 TSV=324147034 TSER=95156139
39 7.827324 172.30.32.55 80.140.102.163 FTP
Request: QUIT
40 7.854532 80.140.102.163 172.30.32.55 FTP
Response: 221-You have transferred 0 bytes in 0 files.
41 7.854767 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
42 7.881652 80.140.102.163 172.30.32.55 FTP
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
43 7.882056 172.30.32.55 80.140.102.163 TCP 33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
44 7.916396 80.140.102.163 172.30.32.55 TCP ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411
seen on internetserver1:
1 0.000000 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380 TSV=324140529 TSER=0 WS=2
2 0.000276 80.140.102.163 200.79.245.55 TCP ftp >
33265 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=95155516 TSER=324140529
WS=0
3 0.050324 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324140577 TSER=95155516
4 0.135774 80.140.102.163 200.79.245.55 FTP
Response: 220 FTP server ready.
5 0.170051 200.79.245.55 80.140.102.163 FTP
Request: AUTH GSSAPI
6 0.170294 80.140.102.163 200.79.245.55 TCP ftp >
33265 [ACK] Seq=24 Ack=14 Win=5792 Len=0 TSV=95155533 TSER=324140696
7 0.170714 80.140.102.163 200.79.245.55 FTP
Response: 504 AUTH GSSAPI not supported.
8 0.230611 200.79.245.55 80.140.102.163 FTP
Request: AUTH KERBEROS_V4
9 0.230888 80.140.102.163 200.79.245.55 FTP
Response: 504 AUTH KERBEROS_V4 not supported.
10 0.308042 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=32 Ack=93 Win=5840 Len=0 TSV=324140839 TSER=95155540
11 1.031746 200.79.245.55 80.140.102.163 FTP
Request: USER test1
12 1.034460 80.140.102.163 200.79.245.55 FTP
Response: 331 Password required for test1.
13 1.060843 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=44 Ack=127 Win=5840 Len=0 TSV=324141593 TSER=95155620
14 1.713898 200.79.245.55 80.140.102.163 FTP
Request: PASS test1
15 1.735585 80.140.102.163 200.79.245.55 FTP
Response: 230 User test1 logged in. Access restrictions apply.
16 1.762264 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=56 Ack=182 Win=5840 Len=0 TSV=324142293 TSER=95155690
17 1.768369 200.79.245.55 80.140.102.163 FTP
Request: SYST
18 1.768626 80.140.102.163 200.79.245.55 FTP
Response: 215 UNIX Type: L8
19 1.850271 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=62 Ack=201 Win=5840 Len=0 TSV=324142372 TSER=95155693
20 2.263193 200.79.245.55 80.140.102.163 FTP
Request: TYPE I
21 2.263488 80.140.102.163 200.79.245.55 FTP
Response: 200 Type set to I.
22 2.299187 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=70 Ack=221 Win=5840 Len=0 TSV=324142822 TSER=95155743
23 6.204944 200.79.245.55 80.140.102.163 FTP
Request: PASV
24 6.205673 80.140.102.163 200.79.245.55 FTP
Response: 227 Entering Passive Mode (69,140,102,163,84,18)
25 6.228282 200.79.245.55 80.140.102.163 TCP 60176 >
21522 [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1380 TSV=324146765 TSER=0 WS=2
26 6.228420 80.140.102.163 200.79.245.55 TCP 21522 >
60176 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=95156139 TSER=324146765
WS=0
27 6.233944 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=76 Ack=271 Win=5840 Len=0 TSV=324146765 TSER=95156137
28 6.249245 200.79.245.55 80.140.102.163 TCP 60176 >
21522 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=324146787 TSER=95156139
29 6.249369 200.79.245.55 80.140.102.163 FTP
Request: STOR test5.rar
30 6.251415 80.140.102.163 200.79.245.55 FTP
Response: 150 Opening BINARY mode data connection for test5.rar.
31 6.282780 200.79.245.55 80.140.102.163 FTP-DATA [TCP
Previous segment lost] FTP Data: 1368 bytes
32 6.283268 80.140.102.163 200.79.245.55 TCP [TCP
Dup ACK 26#1] 21522 > 60176 [ACK] Seq=1 Ack=1 Win=5792 Len=0 TSV=95156145
TSER=324146787 SLE=1369 SRE=2737
33 6.307168 200.79.245.55 80.140.102.163 TCP 60176 >
21522 [RST] Seq=1 Ack=3689136634 Win=0 Len=0
34 6.313328 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=327 Win=5840 Len=0 TSV=324146852 TSER=95156142
35 6.313533 80.140.102.163 200.79.245.55 FTP
Response: 426 Data Connection: Connection reset by peer.
36 6.335303 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=92 Ack=375 Win=5840 Len=0 TSV=324146873 TSER=95156148
37 7.824535 200.79.245.55 80.140.102.163 FTP
Request: QUIT
38 7.824888 80.140.102.163 200.79.245.55 FTP
Response: 221-You have transferred 0 bytes in 0 files.
39 7.834506 80.140.102.163 200.79.245.55 FTP
Response: 221-Total traffic for this session was 495 bytes in 0 transfers.
40 7.854720 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [ACK] Seq=98 Ack=421 Win=5840 Len=0 TSV=324148384 TSER=95156299
41 7.886283 200.79.245.55 80.140.102.163 TCP 33265 >
ftp [FIN, ACK] Seq=98 Ack=568 Win=5840 Len=0 TSV=324148411 TSER=95156300
42 7.886384 80.140.102.163 200.79.245.55 TCP ftp >
33265 [ACK] Seq=568 Ack=99 Win=5792 Len=0 TSV=95156305 TSER=324148411
The problem seems to show up around "TCP Previous segment lost." The MSS seems
to change between the initial handshaking between linux1-out and internetserver1.
finally, before considering this situation too rogue, please keep in mind that
the above "problem" is not seen on kernel 2.4.22.
The actual dumps can be provided upon request. Also, hands-on testing can also
be arranged.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list