TCP connection problems IBM VM -> FreeBSD

Torbjorn Granlund tg at swox.com
Thu Mar 22 19:00:27 UTC 2007


Chuck Swiger <cswiger at mac.com> writes:

  On Mar 21, 2007, at 5:03 PM, Torbjorn Granlund wrote:
    When vm attempts to make a TCP connection (e.g., on port 25) to
    smtp.swox.se I see the following traffic on the router:
   
    22:46:27.015389 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: S 27523124:27523124(0) win 8192 <mss 1420,wscale 0,nop,nop,nop,timestamp 1888741492 0>
    22:46:27.015523 IP smtp.swox.se.smtp > vm.se.lsoft.com.47218: S 1745147473:1745147473(0) ack 3530628660 win 57344 <mss 1460>
    22:46:27.056277 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: R 3530628660:3530628660(0) win 0
  
    I.e., the vm box appears to dislike the SYNACK from smtp.swox.se, and
    sends an RST.  One might ask if it is the fault of vm or of  
    smtp.swox.se.
  
  The second line should have been smtp.swox.se.smtp SYN+ACK'ing the  
  ISN of 27523124.  vm is sending a RST to that because the sequence  
  #'s don't match.  It's also odd that the set of options being listed  
  don't correspond at all...if you run the tcpdump for several minutes,  
  can you track down other SYN requests which do correspond?

These are the ones that correspond.  They come in bursts like that.  If
I let it run a little longer, I get output like this:
  
19:45:56.939958 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S 678305700:678305700(0) win 8192 <mss 1420,wscale 0,nop,nop,nop,timestamp 2317060084 0>
19:45:56.940154 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S 3183232720:3183232720(0) ack 678305701 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 24588210 2317060084>
19:45:56.974421 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: R 678305701:678305701(0) win 0
19:45:59.939737 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S 678305700:678305700(0) win 8192 <mss 1420,wscale 0,nop,nop,nop,timestamp 2317247594 0>
19:45:59.939905 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S 1749284606:1749284606(0) ack 678305701 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 24588510 2317247594>
19:45:59.978666 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: R 678305701:678305701(0) win 0
19:46:05.940041 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S 678305700:678305700(0) win 8192 <mss 1420,wscale 0,nop,nop,nop,timestamp 2317622600 0>
19:46:05.940205 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S 2664894402:2664894402(0) ack 678305701 win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 24589110 2317622600>
19:46:05.977251 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: R 678305701:678305701(0) win 0
  
The ISN's don't match here either.

  Sometimes this kind of re-writing can happen if natd or PF is  
  attempting to translate the packets, perhaps when they shouldn't if  
  both sides of your router box are using routable IPs....
  
I don't run natd at all, and to get the output above from tcpdump I
had disabled pf with pfctl -d.  With pf running, it silently drops the
2nd packet.  Could that too be related to ISN's?

The outside of the fbsd 6.2 router has two addresses, one routable and
one not routable.  This is due to the default setup my ISP is
providing: There is a little net 192.168.0.0/30 between their router
and my fbsd 6.2 router.

(I have a routable address on the interface in order to allow pf's nat
to provide a sensible return address for the nat'ed packets.)

-- 
Torbjörn
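
Added example, not part of the original message: a Python check that pairs each SYN in tcpdump output of the form quoted above with the SYN-ACK on the reverse flow and reports whether the SYN-ACK's ack equals the SYN's sequence number plus one. The sample lines are abridged from the two captures in the message (TCP options trimmed); the names `LINE`, `SAMPLE` and `check_handshakes` are assumptions of this example.

```python
import re

# Sample input: lines abridged from the two captures quoted in the message
# (everything after "win N" trimmed).
SAMPLE = """\
22:46:27.015389 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: S 27523124:27523124(0) win 8192
22:46:27.015523 IP smtp.swox.se.smtp > vm.se.lsoft.com.47218: S 1745147473:1745147473(0) ack 3530628660 win 57344
22:46:27.056277 IP vm.se.lsoft.com.47218 > smtp.swox.se.smtp: R 3530628660:3530628660(0) win 0
19:45:56.939958 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S 678305700:678305700(0) win 8192
19:45:56.940154 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S 3183232720:3183232720(0) ack 678305701 win 57344
19:45:56.974421 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: R 678305701:678305701(0) win 0
"""

# "<time> IP <src> > <dst>: <flags> <seq>:<seq>(<len>) [ack <n>] ..."
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SRFP.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def check_handshakes(lines):
    """Compare each SYN-ACK's ack with (SYN seq + 1) mod 2**32."""
    pending = {}   # (client, server) -> seq of the most recent bare SYN
    results = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"]:
            continue                          # not a SYN or SYN-ACK
        src, dst, seq = m["src"], m["dst"], int(m["seq"])
        if m["ack"] is None:                  # bare SYN from the client
            pending[(src, dst)] = seq
        elif (dst, src) in pending:           # SYN-ACK answering that SYN
            expected = (pending.pop((dst, src)) + 1) % 2**32
            ack = int(m["ack"])
            results.append({"client": dst, "server": src,
                            "expected_ack": expected, "ack": ack,
                            "ok": ack == expected})
    return results

if __name__ == "__main__":
    for r in check_handshakes(SAMPLE.splitlines()):
        print(r)
```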

