It looks to me like some problem with the hardware! :o)
Best, +------------------------------------------- | Luís Miguel Silva | Network Administrator@ ISPGaya.pt | Rua António Rodrigues da Rocha, 291/341 | Sto. Ovídio • 4400-025 V. N. de Gaia | Portugal | T: +351 22 3745730/3/5 F: +351 22 3745738 | G: +351 93 6371253 E: [EMAIL PROTECTED] | H: http://lms.ispgaya.pt/ +------------------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Goeres Sent: quarta-feira, 7 de Janeiro de 2004 16:30 To: [EMAIL PROTECTED] Subject: Re: [Vserver] [Release] vs1.00, vs1.22 and vs1.3.3 for 2.4.24 For my problem, I don't think it's vserver-related. Today I could compile a vanilla 2.4.23-kernel on the relevant host-server without any vserver implementation. After a reboot in this kernel I did a "telnet remote.mail.server 25" from the host-server and it timed out as before. It looks as if it's a firewall-problem on the remote side but the admins in charge there of course claim, that it's not so.. I can't look into their firewall, but a more agressive approach with 1. "nmap -p 25 -sS remote.mail.server" and 2. "nmap -p 25 -sA remote.mail.server" from one of my host-servers showed for 1.: "port 25 open" and for 2.:"port 25 filtered". That sounds exactly like your explanation. But for my host-servers it occurs no matter if they have a vserver-patched kernel running or not. Too bad, for a short time I thought I might have tracked this problem down and could accuse Herbert and the developers here of doing bad work instead of fighting alien admins.. :-) greetings Alexander Am Mittwoch, 7. Januar 2004 13:41 schrieb Christian Mayrhuber: > Christian Mayrhuber wrote: > > Thats exactly the problem I have. > > The dns setup is right. It happens from the root server (ctx 0), too. > > But does not happen if I use a standard kernel with the same > > configuration. The remote mailserver is behind a netfilter firewall. > > Some additional information: > The remote mailserver is behind a netfilter firewall and complains about > an invalid CRC in the TCP header, the CRC of the IP header is ok. > The CRC of the TCP header is ok when the packets are sent from a vserver > (this has been verified on a pix firewall) then those packets get routed > trough the net, reach the netfilter firewall and have a corrupt TCP CRC > afterwards. > This may well be a bug in the netfilter code which is triggerd only by > packets of a vserver kernel. > The result is that on the SYN packet follows no ACK and the connection > times out. -- ------------------------------------------- agoeres _at_ lieblinx.net tel.: +49 (0)30 / 61 20 26 87 fax: +49 (0)30 / 61 20 26 89 ------------------------------------------- lieblinxNET we do software a Marwood & Thiele GbR ------------------------------------------- reichenberger straße 125 10999 Berlin http://lieblinx.net ------------------------------------------- _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
