All,
Tried Jozsef's suggestion. The mystery deepens. Perhaps his
contention that the packet is dropped by the stack has some merit (heck, I
can't think of anything else it might be :-) ). The results on tcpdump are
the same. The packet shows up at the internal interface, and it's logged by
iptables. Then, it vanishes and never gets to the outside interface. (Hence,
it's never ACKed and the circuit is never completed.)
I'm working with the developers to fix the internal program logic.
Hopefully, that will fix the problem. In the interim, I'm gonna keep
looking.
Joe
-> -----Original Message-----
-> From: Jozsef Kadlecsik [mailto:[EMAIL PROTECTED]]
-> Sent: Monday, April 29, 2002 3:26 AM
-> To: Dougherty, Joe
-> Cc: 'Ramin Alidousti'; '[EMAIL PROTECTED]'
-> Subject: RE: mangled ftp packets preventing connection
->
->
-> On Thu, 25 Apr 2002, Dougherty, Joe wrote:
->
-> > I did some sniffing on the firewall outside interface and the
-> > interface of the target server, also outside the firewall. I wanted
-> > to see if that partial packet ever gets out. I discovered that it
-> > doesn't, hence the non-ack, and hence the login not being completed.
->
-> What I'd suggest is to tcpdump on both the incoming and outgoing
-> interfaces of the firewall. Thus you could compare packet-by-packet
-> what the firewall receives and what it actually sends out.
->
-> If the lost packet has for example bad checksum, then it is dropped
-> by the IP stack itself.
->
-> Regards,
-> Jozsef
-> -
-> E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED]
-> WWW-Home: http://www.kfki.hu/~kadlec
-> Address : KFKI Research Institute for Particle and Nuclear Physics
-> H-1525 Budapest 114, POB. 49, Hungary
->