----- "Tom Eastep" <[email protected]> wrote:
> Squid is accepting the connection. I should say, rather, that the connection is being accepted. Because of listener backlog (second argument to listen(2)), a TCP connection can be acknowledged without the server actually calling accept(). The fact that we don't see an ACK back from the client might indicate that it is not receiving (or doesn't like) the SYN,ACK response. This is supported by the conntrack entry I pointed out to you last evening. Have you run tcpdump (or wireshark) on the client system? === The client is not receiving the SYN,ACK response. A tcpdump on the client shows only the outgoing SYN and nothing else. So it appears the packets are being dropped on the shorewall box. What methods can I employ to trace these packets and determine where they are being dropped? Alternately, is there an "allow all" switch I can enable to get it working, then trace back what is required to make this work? (bearing in mind that I still need the REDIRECT from 80-3128 for all traffic). Thanks. Shawn Wright I.T. Manager, Shawnigan Lake School http://www.shawnigan.ca ------------------------------------------------------------------------------ Sell apps to millions through the Intel(R) Atom(Tm) Developer Program Be part of this innovative community and reach millions of netbook users worldwide. Take advantage of special opportunities to increase revenue and speed time-to-market. Join now, and jumpstart your future. http://p.sf.net/sfu/intel-atom-d2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
