TCP conection problems IBM VM -> FreeBSD
cswiger at mac.com
Thu Mar 22 19:16:52 UTC 2007
On Mar 22, 2007, at 12:00 PM, Torbjorn Granlund wrote:
>> The second line should have been smtp.swox.se.smtp SYN+ACK'ing the
>> ISN of 27523124. vm is sending a RST to that because the sequence
>> #'s don't match. It's also odd that the set of options being
>> don't correspond at all...if you run the tcpdump for several
>> can you track down other SYN requests which do correspond?
> These are the ones the correspond. They come in bursts like that. If
> I let it run a little longer, I get output like this:
> 19:45:56.939958 IP vm.se.lsoft.com.58679 > bang.swox.se.smtp: S
> 678305700:678305700(0) win 8192 <mss 1420,wscale
> 0,nop,nop,nop,timestamp 2317060084 0>
> 19:45:56.940154 IP bang.swox.se.smtp > vm.se.lsoft.com.58679: S
> 3183232720:3183232720(0) ack 678305701 win 57344 <mss
> 1460,nop,wscale 0,nop,nop,timestamp 24588210 2317060084>
Notice the ACK from vm.se.lsoft.com is off by one, but the timestamp
option corresponds. Looks to be a bug with the vm machine, the bang
machine is behaving properly per the TCP requirements.
Hmm, I wonder if something in between is fragmenting the initial
traffic and causing vm to get confused? Try setting the interface
MTUs down to 1024 or 512 and see whether that makes any difference...
>> Sometimes this kind of re-writing can happen if natd or PF is
>> attempting to translate the packets, perhaps when they shouldn't if
>> both sides of your router box are using routable IPs....
> I don't run natd at all, and to get the output above from tcpdump I
> had disabled pf with pfctl -d. With pf running, it silently drops the
> 2nd packet. Could that too be related to ISN's?
Yes, pf tracks connection state and will drop subsequent traffic
which does match an legit connection or a new (permitted) connection
> The outside of the fbsd 6.2 router has two addresses, one routable and
> one not routable. This is due to the default setup my ISP is
> providing: Their is a little net 192.168.0.0/30 between their router
> and my fbsd 6.2 router.
OK. That shouldn't matter then, if you're just doing straight
routing via this /30, rather than re-writing the packets.
More information about the freebsd-questions