Date: Fri, 5 Dec 2008 18:22:36 -0500
From: "Benjie Chen" <benjie@addgene.org>
To: "Peter Jeremy" <peterjeremy@optushome.com.au>
Cc: freebsd-net@freebsd.org
Subject: Re: Weird TCP connect issue in FreeBSD 6
Message-ID: <c53be070812051522y258fbea6m6bc49fa2efd0cfb1@mail.gmail.com>
In-Reply-To: <20081205194449.GL58682@server.vk2pj.dyndns.org>
References: <c53be070812021210u736bef58v79c2f80785308a5@mail.gmail.com>
 <20081203193609.GB58682@server.vk2pj.dyndns.org>
 <c53be070812031440k7660e022of8a77d1427fb1f47@mail.gmail.com>
 <20081205194449.GL58682@server.vk2pj.dyndns.org>

Local address

em0: some IP XXX, with appropriate mask, /27
em1: some IP YYY, on different subnet, with appropriate mask /27

apache: listening on XXX:80, YYY:80, XXX:443, YYY:443

I can connect to the 80 ports on both machine from a third IP on yet
another network, and I can connect to XXX:443 just fine. Connecting to
YYY:443 results in connection termination frequently, but not all the
time.

Tcpdump on XXX shows packets are coming into em1 and returned on em0,
and that when termination occurs, initial SYN from client to YYY:443 is
repeated many, many times, resulting in many SYN ACKs and then later on
ACKs from the client. I think syn-attack protecting code then kicks in
and sends a RST to tear down the connection on the server (this part I
understand, but not sure why the SYN packets are repeatedly sent to the
kernel).

Benjie

---
Benjie Chen, Ph.D.
Addgene, a better way to share plasmids
www.addgene.org

Manage your lab more efficiently
Addgene Labs - www.addgenelabs.org

On Fri, Dec 5, 2008 at 2:44 PM, Peter Jeremy <peterjeremy@optushome.com.au> wrote:
> On 2008-Dec-03 17:40:01 -0500, Benjie Chen <benjie@addgene.org> wrote:
>>When I had two IPs from two different subnets configured for the two
>>NICs, I had the same error. So while I did have a configuration issue,
>>the problem with replicated SYNs did occur even when the two NICs had
>>IP addresses on different networks.
>
> OK, that does sound wrong. Can you describe that setup please - what
> local addresses/netmasks and routes did you have and what was the
> remote IP address.
>
> --
> Peter Jeremy
> Please excuse any delays as the result of my ISP's inability to implement
> an MTA that is either RFC2821-compliant or matches their claimed behaviour.
>