* Harald Welte ([EMAIL PROTECTED]) wrote:
> Thanks for giving this feedback. I think I'm going to port this patch
> to newnat, and make it a sysctl, so users can choose the desired
> behaviour.
>
> Newnat will get in 2.5.8 and 2.4.20.
Great! I'm looking forward to it. :)
> btw: be sure to Cc me next time, I don't read the netfilter users mailing list
> on a regular basis.
Sure, sorry about that, wasn't thinking. :)
> > If you'd like some more information on this I'd be happy to provide it.
>
> Well, it would be interesting why those acks don't belong to any
> established connections, yes...
My initial reaction to seeing them in my logs was a suspicion that they
were repeated ACKs going to a machine which wasn't responding. Looking
at them again they really do seem kind of odd. Here's a snippet of my
log with the actual IPs removed:
Mar 25 03:38:19 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=52
TOS=0x00 PREC=0x00 TTL=63 ID=3268 DF PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00
ACK URGP=0
Mar 25 03:38:19 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3288 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:20 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3289 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:22 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3290 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:23 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=52
TOS=0x00 PREC=0x00 TTL=63 ID=3291 DF PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00
ACK URGP=0
Mar 25 03:38:24 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3295 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:25 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3296 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:25 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=52
TOS=0x00 PREC=0x00 TTL=63 ID=3301 DF PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00
ACK URGP=0
Mar 25 03:38:25 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3302 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:26 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3303 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:26 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3304 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:26 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3305 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:27 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3306 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:29 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3307 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:29 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3308 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:33 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3309 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:33 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3310 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:36 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3311 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:41 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3312 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:48 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3313 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:49 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3314 PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:57 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=x DST=y LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3315 PROTO=TCP SPT=80 DPT=2670 WINDOW=31856 RES=0x00 ACK
URGP=0
'x' is my web server, 'y' is an external address. Some interesting bits
are the 'DF' flag and the changing 'TTL'. The web server is a Linux
box, don't know what the remote server is. Hope this helps. This may
just be normal but I recall seeing them more often after applying the
patch.
Stephen
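
Added example, not part of the original message: a Python sketch that rejoins mail-wrapped netfilter LOG entries like those above, groups them by TCP flow, and reports flows whose packets carry more than one TTL, the pattern the message points out. The sample lines are constructed from the format shown, with documentation addresses standing in for 'x' and 'y'; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped form shown above; 192.0.2.10 and
# 198.51.100.7 are documentation addresses standing in for 'x' and 'y'.
SAMPLE = """\
Mar 25 03:38:19 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52
TOS=0x00 PREC=0x00 TTL=63 ID=3268 DF PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00
ACK URGP=0
Mar 25 03:38:19 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40
TOS=0x00 PREC=0x00 TTL=254 ID=3288 PROTO=TCP SPT=80 DPT=2669 WINDOW=31856 RES=0x00 ACK
URGP=0
Mar 25 03:38:23 gw-uunet kernel: FORWARD Table IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52
TOS=0x00 PREC=0x00 TTL=63 ID=3291 DF PROTO=TCP SPT=80 DPT=2671 WINDOW=31856 RES=0x00
ACK URGP=0
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
KEYVAL = re.compile(r"\b([A-Z]+)=(\S*)")
FLAGS = {"DF", "ACK", "SYN", "FIN", "RST", "PSH", "URG"}

def parse_entries(text):
    """Rejoin mail-wrapped lines, then yield one dict per LOG entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    for entry in entries:
        fields = dict(KEYVAL.findall(entry))
        fields["flags"] = FLAGS & set(entry.split())
        yield fields

def signatures_by_flow(text):
    """Map (SRC, SPT, DST, DPT) -> set of (TTL, DF set?, LEN) seen."""
    flows = defaultdict(set)
    for f in parse_entries(text):
        if f.get("PROTO") != "TCP":
            continue
        key = (f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))
        flows[key].add((int(f["TTL"]), "DF" in f["flags"], int(f["LEN"])))
    return dict(flows)

def mixed_flows(text):
    """Flows whose packets show more than one distinct TTL."""
    return {k: v for k, v in signatures_by_flow(text).items()
            if len({ttl for ttl, _, _ in v}) > 1}

if __name__ == "__main__": print(mixed_flows(SAMPLE))
```

A 40-byte packet is a bare IP plus TCP header, while 52 bytes leaves room for 12 bytes of TCP options, so the LEN column is worth keeping next to TTL and DF when comparing the two signatures.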
