Cant Access Web site

Kevin Oberman rkoberman at gmail.com
Thu Feb 26 06:06:29 UTC 2015 

On Wed, Feb 25, 2015 at 12:29 PM, Ercan Deger <ercandeger76 at gmail.com>
wrote:

> Dear All,
>
> I am using freebsd 7 as router, I have strange problem while accessing a
> site
>
> when I try to access via browser from windows pc behind freebsd kernel nat
> waiting and not opening site, I can access site from other places
>
> I can access via telnet
>
> [root at proxy ]# telnet 85.96.190.177 81
> Trying 85.96.190.177...
> Connected to 85.96.190.177.static.ttnet.com.tr.
> Escape character is '^]'.
>
>
> I added second wan (DSL) and route to site from dsl link I can access also
> without problem
>
> tcpdump log is;
>
> 21:38:00.903848 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP
> (6), length 52) 85.96.xx.xx.81 > 213.14.xx.xx.64886: S, cksum 0x874b
> (correct), 2875126544:2875126544(0) ack 2564833079 win 14600 <mss
> 1452,nop,nop,sackOK,nop,wscale 2>
> 21:38:00.904910 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP
> (6), length 40) 85.96.xx.xx.81 > 213.14.xx.xx.64883: R, cksum 0xda56
> (correct), 3424964916:3424964916(0) win 0
> 21:38:00.904954 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP
> (6), length 52) 85.96.xx.xx.81 > 213.14.xx.xx.64887: S, cksum 0x8afa
> (correct), 2281919230:2281919230(0) ack 4103381824 win 14600 <mss
> 1452,nop,nop,sackOK,nop,wscale 2>
> 21:38:01.207088 IP (tos 0x0, ttl 51, id 48134, offset 0, flags [DF], proto
> TCP (6), length 40) 85.96.xx.xx.81 > 213.14.xx.xx.64886: ., cksum 0xf175
> (correct), 1:1(0) ack 354 win 3650
> 21:38:01.357109 IP (tos 0x0, ttl 51, id 48135, offset 0, flags [DF], proto
> TCP (6), length 57) 85.96.xx.xx.81 > 213.14.xx.xx.64886: P, cksum 0x3198
> (correct), 1:18(17) ack 354 win 3650
> 21:38:01.389613 IP (tos 0x0, ttl 51, id 48136, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:01.389701 IP (tos 0x0, ttl 51, id 48136, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.402883 IP (tos 0x0, ttl 51, id 48137, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 1478:2930(1452) ack 354 win 3650
> 21:38:01.403904 IP (tos 0x0, ttl 51, id 48137, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.417175 IP (tos 0x0, ttl 51, id 48138, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 2938:4390(1452) ack 354 win 3650
> 21:38:01.418196 IP (tos 0x0, ttl 51, id 48138, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.431607 IP (tos 0x0, ttl 51, id 48139, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 4398:5850(1452) ack 354 win 3650
> 21:38:01.431657 IP (tos 0x0, ttl 51, id 48139, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.445760 IP (tos 0x0, ttl 51, id 48140, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 5858:7310(1452) ack 354 win 3650
> 21:38:01.445811 IP (tos 0x0, ttl 51, id 48140, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.460053 IP (tos 0x0, ttl 51, id 48141, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 7318:8770(1452) ack 354 win 3650
> 21:38:01.460103 IP (tos 0x0, ttl 51, id 48141, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.473314 IP (tos 0x0, ttl 51, id 48142, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: .
> 8778:10230(1452) ack 354 win 3650
> 21:38:01.474336 IP (tos 0x0, ttl 51, id 48142, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:01.480460 IP (tos 0x0, ttl 51, id 48143, offset 0, flags [DF], proto
> TCP (6), length 664) 85.96.xx.xx.81 > 213.14.xx.xx.64886: FP
> 10238:10862(624) ack 354 win 3650
> 21:38:02.044104 IP (tos 0x0, ttl 51, id 48144, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:02.044215 IP (tos 0x0, ttl 51, id 48144, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:03.063015 IP (tos 0x0, ttl 51, id 48145, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:03.064036 IP (tos 0x0, ttl 51, id 48145, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:05.103427 IP (tos 0x0, ttl 51, id 48146, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:05.104448 IP (tos 0x0, ttl 51, id 48146, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:09.193863 IP (tos 0x0, ttl 51, id 48147, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:09.193915 IP (tos 0x0, ttl 51, id 48147, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:17.363864 IP (tos 0x0, ttl 51, id 48148, offset 0, flags [+], proto
> TCP (6), length 1492) 85.96.xx.xx.81 > 213.14.xx.xx.64886: . 18:1470(1452)
> ack 354 win 3650
> 21:38:17.364885 IP (tos 0x0, ttl 51, id 48148, offset 1472, flags [none],
> proto TCP (6), length 28) 85.96.xx.xx > 213.14.xx.xx: tcp
> 21:38:20.954233 IP (tos 0x0, ttl 51, id 7656, offset 0, flags [DF], proto
> TCP (6), length 626) 85.96.xx.xx.81 > 213.14.xx.xx.64887: P 1:587(586) ack
> 2 win 3650
> 21:38:20.954278 IP (tos 0x0, ttl 51, id 7657, offset 0, flags [DF], proto
> TCP (6), length 40) 85.96.xx.xx.81 > 213.14.xx.xx.64887: F, cksum 0xf439
> (correct), 587:587(0) ack 2 win 3650
>
> what can be the problem?
>
> Best Regards,
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

The data you provided shows little. It would be nice to see both sides of
the session.

I really suggest that you capture the whole session. Something like
"tcpdump -p -s0 -w some_file.bpf tcp port 81 and host 85.96.xx.xx" will
save the packet data to "some_file.bpf" and then you can use other tools to
analyze it. I use wireshark. It's free, in ports and works quite well. It
will flag packets which have issues and handle breaking down the prorocols.
Since port 81 is not the "normal" http port, you will need to tell
wireshark that. I have not had to do that in a while, but it was pretty
obvious.

wireshark can also do the capture directly, but I'll admit that after years
of using tcpdump (two of the authors used to sit down the hall from me), I
have never tried to use wireshark for packet capture.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com

More information about the freebsd-net mailing list