TCP packets don't flow from external hosts to WinVista clientsbehind

mich.admin at mail.ru mich.admin at mail.ru
Sun Aug 26 12:46:23 PDT 2007 

> 
> MIZ0 <mich.admin at mail.ru> wrote:
> >
> >  > Could be TCP window scaling. See
> >  > http://en.wikipedia.org/wiki/TCP_window_scale_option
> >  > Or the plain old PMTUD problem described in
> >  > 
> > http://www.cisco.com/en/US/tech/tk870/tk877/tk880/technologies_tech_note09186a008011a218.shtml#backinfo
> >  >
> >  > =Adriaan=
> > 
> > Nothing helps.
> > I've tried to change client's mtu, even shrinked packets with ng_tcpmss 
> > - no effect.
> > I don't understand why freebsd machines from internal network can't 
> > establish  any TCP connection to external net too.
> 
> Sounds to me like you need to carefully go over your network setup.  Have
> you verified that the problem machines correctly have all the information
> they need: proper netmasks, routers, etc?  Run tcpdump on both
> interfaces of the gateway and see if that provides any hint.
> 
> I have a strong suspicion that you're looking in the wrong place --
> otherwise you would have found the problem.  Are there two DHCP servers
> on this network?  Wouldn't be the first time I saw that problem mess with
> someone's head.
> 
> With the information you've provided so far, we're guessing in the dark.
> I doubt that ipfw is the culprit, but it's going to take more information
> to be sure.
> 
> > Can ipfw or netgraph detect client's OS type and allow only Windows XP ? =))
> 
> Potentially, but I can't see it doing that by accident.
> 
> -- 
> Bill Moran
> http://www.potentialtech.com

Network settings are ok, there're no any DHCP server in my net.

Router's interfaces.
rl0 (ISP): flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 85.249.249.249 netmask 0xffffff00 broadcast 85.249.249.255
        ether 00:11:95:5b:84:47
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fxp0 (Internal Net) flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 10.0.0.2 netmask 0xffffff80 broadcast 10.0.0.127
        ether 00:d0:b7:a0:95:cf
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

I've run "telnet ya.ru 80" under Windows XP:

fxp0:
02:34:04.717756 IP (tos 0x0, ttl 127, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 10.0.0.3.2723 > ya.ru.http: S, cksum 0x51a0 (correct), 835980332:835980332(0) win 16384 <mss 512,nop,nop,sackOK>
-
02:34:04.755485 IP (tos 0x0, ttl  54, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 10.0.0.3.2723: S, cksum 0x326f (correct), 3512433525:3512433525(0) ack 835980333 win 4096 <mss 1360,sackOK,eol>
-
02:34:04.756316 IP (tos 0x0, ttl 127, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 10.0.0.3.2723 > ya.ru.http: ., cksum 0x28be (correct), ack 1 win 17680


rl0:
02:34:04.720584 IP (tos 0x0, ttl 126, id 54374, offset 0, flags [DF], proto: TCP (6), length: 48) 85.249.249.249.2723 > ya.ru.http: S, cksum 0x5221 (correct), 835980332:835980332(0) win 16384 <mss 512,nop,nop,sackOK>
-
02:34:04.754547 IP (tos 0x0, ttl  55, id 5070, offset 0, flags [DF], proto: TCP (6), length: 48) ya.ru.http > 85.249.249.249.2723: S, cksum 0x32f0 (correct), 3512433525:3512433525(0) ack 835980333 win 4096 <mss 1360,sackOK,eol>
-
02:34:04.758703 IP (tos 0x0, ttl 126, id 54375, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.2723 > ya.ru.http: ., cksum 0x293f (correct), ack 1 win 17680


And now i've trying to "telnet ya.ru 80" under FreeBSD (i used ip 10.0.0.3 instead of WinXP)
fxp0:
02:09:52.627482 IP (tos 0x10, ttl  64, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 10.0.0.3.61654 > ya.ru.http: S, cksum 0x319a (correct), 2498390137:2498390137(0) win 65535 <mss 512,nop,wscale 1,nop,nop,timestamp 76265599 0,sackOK,eol>
*******It repeats 3-5 times, then "telnet" returns "Connection Timed Out" error***********

rl0:
02:09:52.631529 IP (tos 0x10, ttl  63, id 3657, offset 0, flags [none], proto: TCP (6), length: 64) 85.249.249.249.61654 > ya.ru.http: S, cksum 0x321b (correct), 2498390137:2498390137(0) win 65535 <mss 512,nop,wscale 1,nop,nop,timestamp 76265599 0,sackOK,eol>
-
02:09:52.665396 IP (tos 0x0, ttl  55, id 27777, offset 0, flags [DF], proto: TCP (6), length: 64) ya.ru.http > 85.249.249.249.61654: S, cksum 0x077a (correct), 45449397:45449397(0) ack 2498390138 win 4096 <mss 1360,nop,wscale 0,nop,nop,timestamp 1643393506 76265599,sackOK,eol>
-
02:09:52.665423 IP (tos 0x0, ttl  64, id 56014, offset 0, flags [DF], proto: TCP (6), length: 40) 85.249.249.249.61654 > ya.ru.http: R, cksum 0x6450 (correct), 2498390138:2498390138(0) win 0

I gave up =(

More information about the freebsd-questions mailing list