From: "Benjie Chen" <benjie@addgene.org>
To: "Peter Jeremy"
Cc: freebsd-net@freebsd.org
Date: Fri, 5 Dec 2008 18:22:36 -0500
Subject: Re: Weird TCP connect issue in FreeBSD 6
In-Reply-To: <20081205194449.GL58682@server.vk2pj.dyndns.org>
References: <20081203193609.GB58682@server.vk2pj.dyndns.org> <20081205194449.GL58682@server.vk2pj.dyndns.org>
List-Id: Networking and TCP/IP with FreeBSD

Local address
em0: some IP XXX, with appropriate mask, /27
em1: some IP YYY, on different subnet, with appropriate mask /27
apache: listening on XXX:80, YYY:80, XXX:443, YYY:443

I can connect to the 80 ports on both from a third IP on yet another network, and I can connect to XXX:443 just fine. Connecting to YYY:443 results in connection termination frequently, but not all the time.

Tcpdump on XXX shows packets are coming into em1 and returned on em0, and that when termination occurs, the initial SYN from the client to YYY:443 is repeated many, many times, resulting in many SYN ACKs and then later on ACKs from the client. I think the SYN-attack protection code then kicks in and sends a RST to tear down the connection on the server (this part I understand, but I am not sure why the SYN packets are repeatedly sent to the kernel).

Benjie

---
Benjie Chen, Ph.D.
Addgene, a better way to share plasmids
www.addgene.org
Manage your lab more efficiently
Addgene Labs - www.addgenelabs.org

On Fri, Dec 5, 2008 at 2:44 PM, Peter Jeremy wrote:
> On 2008-Dec-03 17:40:01 -0500, Benjie Chen wrote:
>> When I had two IPs from two different subnets configured for the two
>> NICs, I had the same error. So while I did have a configuration issue,
>> the problem with replicated SYNs did occur even when the two NICs had
>> IP addresses on different networks.
>
> OK, that does sound wrong. Can you describe that setup please - what
> local addresses/netmasks and routes did you have and what was the
> remote IP address.
>
> --
> Peter Jeremy
> Please excuse any delays as the result of my ISP's inability to implement
> an MTA that is either RFC2821-compliant or matches their claimed behaviour.
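The symptoms Benjie describes (SYNs arriving on em1, SYN-ACKs leaving on em0, the SYN retransmitted repeatedly, then a RST from the server) can be picked out of a capture mechanically. The following is an added example, not code from the thread: it parses constructed tcpdump-style lines, with an assumed interface prefix on each line and RFC 5737 documentation addresses standing in for XXX and YYY, and flags per flow whether the handshake was asymmetric across interfaces and how many times the SYN was seen.

```python
import re
from collections import defaultdict

# Constructed sample trace (not from the original capture).  Assumed format:
# "<iface> <src-ip.port> > <dst-ip.port>: Flags [<tcpdump flags>]".
# 192.0.2.33 plays the role of YYY (failing), 192.0.2.32 the role of XXX (working).
SAMPLE_TRACE = """\
em1 203.0.113.5.40001 > 192.0.2.33.443: Flags [S]
em0 192.0.2.33.443 > 203.0.113.5.40001: Flags [S.]
em1 203.0.113.5.40001 > 192.0.2.33.443: Flags [S]
em0 192.0.2.33.443 > 203.0.113.5.40001: Flags [S.]
em1 203.0.113.5.40001 > 192.0.2.33.443: Flags [S]
em0 192.0.2.33.443 > 203.0.113.5.40001: Flags [S.]
em1 203.0.113.5.40001 > 192.0.2.33.443: Flags [.]
em0 192.0.2.33.443 > 203.0.113.5.40001: Flags [R.]
em1 203.0.113.5.40001 > 192.0.2.32.80: Flags [S]
em1 192.0.2.32.80 > 203.0.113.5.40001: Flags [S.]
em1 203.0.113.5.40001 > 192.0.2.32.80: Flags [.]
"""

LINE_RE = re.compile(r"^(\S+) (\S+) > (\S+): Flags \[([^\]]*)\]")


def analyze(trace, syn_limit=3):
    """Return {(client, server): report}.  A report counts SYNs, SYN-ACKs and
    RSTs for the flow, records which interface each direction used, and sets
    'asymmetric' when the two directions used different interfaces and
    'repeated_syn' when the SYN was seen syn_limit or more times."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "rst": 0,
                                 "in_ifaces": set(), "out_ifaces": set()})
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # ignore anything not in the assumed format
        iface, src, dst, flags = m.groups()
        if "S" in flags and "." not in flags:      # bare SYN: client -> server
            flows[(src, dst)]["syn"] += 1
            flows[(src, dst)]["in_ifaces"].add(iface)
        elif "S" in flags:                         # SYN-ACK: server -> client
            flows[(dst, src)]["synack"] += 1
            flows[(dst, src)]["out_ifaces"].add(iface)
        elif "R" in flags:                         # RST from the server side
            flows[(dst, src)]["rst"] += 1
    for rep in flows.values():
        rep["asymmetric"] = bool(rep["in_ifaces"] and rep["out_ifaces"]
                                 and rep["in_ifaces"] != rep["out_ifaces"])
        rep["repeated_syn"] = rep["syn"] >= syn_limit
    return dict(flows)


if __name__ == "__main__":
    for flow, rep in analyze(SAMPLE_TRACE).items():
        print(flow, rep)
```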