Date: Wed, 30 Aug 2000 14:29:34 -0700
From: "Scott Johnson" <tmtowtdi@mailandnews.com>
To: freebsd-questions@freebsd.org
Subject: Disappearing packets
Message-ID: <20000830192951.0C6E637B422@hub.freebsd.org>
This is strange. I've got packets arriving on an interface which seem not to be passed up to the listening application, but only under certain conditions. Here's the deal:

I've got three machines behind my gateway connected to a cable modem. The gateway is a 486DX2/66 running FBSD 4.1-Release. The firewall in place rejects all incoming TCP connections except for ssh, which I forward to an internal machine (a P133 running 4.1-Release, no firewall) using natd's "redirect_port" option. A corresponding ipfw rule allows the redirected setup packet through. The internal interface is wide open.

I wanted to use my P75 laptop running 4.1-Release to connect to my home machine while dialed up to an ISP. I am having an unusual problem however... If I try to ssh from the laptop to my home machine, the connection fails; it eventually reverts to rsh - and fails that as well, of course. On the other hand, if I ssh to a friend's box (linux, ssh 1.2.27) and ssh from there, I can log in. Also, when I connect the laptop to the network directly, I can log in just fine.

Neither the firewall nor natd are the problem. Opening the firewall does nothing. The incoming setup packets are logged correctly at the firewall, anyway. Running tcpdump on the internal network shows that the setup packets are making it through correctly.

The packets make it in the interface of the target internal machine, which can be seen by 'systat' (while the interface is idle except for another ssh login you can see the tcp or ip statistics jump when the setup packets arrive), but 'stat -netstat' never shows a connection, even one with a state of 'syn received'. 'systat -tcp' doesn't report any connection statistics, not even a dropped connection. I've got sshd running at a DEBUG LogLevel, and it reports nothing. As you would expect, tcpdump shows no ack being sent.

Using Analyzer, a (very cool) WinPcap-based sniffer, I've looked at the traffic, and I'll be damned if I can see what's going on. The setup packets from a login while directly connected to the network and from a failed connection while dialed in are virtually identical except for src addresses, ip.id, ip.ttl (64 for directly connected login, 56 for the dialup), tcp.seq_no, and tcp.checksum. Ditto with comparing to a login from my friend's machine; the chief difference there is the presence of some more TCP options and the absence of the two bytes of data at the end of the setup packet.

I'd be happy to send dumps to anyone who wants to look for themselves. I don't know what's left to do to discover what's happening here. Any suggestions?

Scott Johnson
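An added example, not part of the original message: a field-by-field comparison of two SYN packets of the kind described above, which also verifies the IP and TCP checksums and separates TCP payload from bytes that trail the IP datagram. The packets, addresses, ports and the names `parse_syn`, `diff_fields` and `build_syn` are constructed for illustration and are not taken from the poster's captures.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over data that includes a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def parse_syn(pkt: bytes) -> dict:
    """Decode the IPv4/TCP fields the message compares, plus integrity checks."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ip_id = struct.unpack("!HH", pkt[2:6])
    ttl, proto = pkt[8], pkt[9]
    seg = pkt[ihl:total_len]                      # TCP segment as bounded by ip.len
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
    doff = (off_flags >> 12) * 4
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(seg))
    return {
        "ip.id": ip_id, "ip.ttl": ttl, "tcp.seq_no": seq,
        "tcp.checksum": struct.unpack("!H", seg[16:18])[0],
        "tcp.flags": off_flags & 0x3F,
        "tcp.options": seg[20:doff].hex(),
        "payload_len": len(seg) - doff,           # data carried inside the segment
        "trailer_len": len(pkt) - total_len,      # bytes past ip.len (link-layer padding)
        "ip_csum_ok": csum(pkt[:ihl]) == 0,
        "tcp_csum_ok": csum(pseudo + seg) == 0,
    }

def diff_fields(a: dict, b: dict) -> dict:
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_syn(src, ip_id, ttl, seq, payload=b""):
    """Constructed sample SYN to 192.0.2.10:22 with an MSS option (not a real capture)."""
    tcp = struct.pack("!HHIIHHHH", 40000, 22, seq, 0, (6 << 12) | 0x02,
                      16384, 0, 0) + bytes([2, 4, 0x05, 0xB4]) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0, ttl, 6, 0,
                     bytes(src), bytes([192, 0, 2, 10]))
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return ip + tcp[:16] + struct.pack("!H", csum(pseudo + tcp)) + tcp[18:]

# Constructed samples: a directly connected SYN, and a dial-up SYN with 2 trailing bytes.
DIRECT = build_syn([192, 0, 2, 20], 0x1234, 64, 1000)
DIALUP = build_syn([198, 51, 100, 7], 0x4321, 56, 2000) + b"\x00\x00"
print(diff_fields(parse_syn(DIRECT), parse_syn(DIALUP)))
```

A packet whose `tcp_csum_ok` is false is counted in the receiver's TCP input statistics but never creates a connection entry, so the checksum result is worth reading before the field differences.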