Re: Weird TCP connect issue in FreeBSD 6

Local address

em0: some IP XXX, with appropriate mask, /27
em1: some IP YYY, on different subnet, with appropriate mask /27

apache: listening on XXX:80, YYY:80, XXX:443, YYY:443

I can connect to the 80 ports on both machine from a third IP on yet
another network, and I can connect to XXX:443 just fine. Connecting to
YYY:443 results in connection termination frequently, but not all the
time.

Tcpdump on XXX shows packets are coming into em1 and returned on em0,
and that when termination occurs, initial SYN from client to YYY:443
is repeated many many times, resulting in many SYN ACKs and then later
on ACKs from the client. I think syn-attack protecting code then kicks
in and send a RST to tear down the connection on the server (this part
I understand, but not sure why the SYN packets are repeatedly sent to
the kernel)

Benjie


---

Benjie Chen, Ph.D.
Addgene, a better way to share plasmids
www.addgene.org

Manage your lab more efficiently
Addgene Labs - www.addgenelabs.org




On Fri, Dec 5, 2008 at 2:44 PM, Peter Jeremy
<peterjeremy@xxxxxxxxxxxxxxxx> wrote:
On 2008-Dec-03 17:40:01 -0500, Benjie Chen <benjie@xxxxxxxxxxx> wrote:
When I had two IPs from two different subnets configured for the two
NICs, I had the same error. So while I did have a configuration issue,
the problem with replicated SYNs did occur even when the two NICs had
IP addresses on different networks.

OK, that does sound wrong. Can you describe that setup please - what
local addresses/netmasks and routes did you have and what was the
remote IP address.

--
Peter Jeremy
Please excuse any delays as the result of my ISP's inability to implement
an MTA that is either RFC2821-compliant or matches their claimed behaviour.

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"