Re: Weird TCP connect issue in FreeBSD 6
- From: "Benjie Chen" <benjie@xxxxxxxxxxx>
- Date: Fri, 5 Dec 2008 18:22:36 -0500
em0: some IP XXX, with appropriate mask, /27
em1: some IP YYY, on different subnet, with appropriate mask /27
apache: listening on XXX:80, YYY:80, XXX:443, YYY:443
I can connect to the 80 ports on both machine from a third IP on yet
another network, and I can connect to XXX:443 just fine. Connecting to
YYY:443 results in connection termination frequently, but not all the
Tcpdump on XXX shows packets are coming into em1 and returned on em0,
and that when termination occurs, initial SYN from client to YYY:443
is repeated many many times, resulting in many SYN ACKs and then later
on ACKs from the client. I think syn-attack protecting code then kicks
in and sends a RST to tear down the connection on the server (this part
I understand, but not sure why the SYN packets are repeatedly sent to
Benjie Chen, Ph.D.
Addgene, a better way to share plasmids
Manage your lab more efficiently
Addgene Labs - www.addgenelabs.org
On Fri, Dec 5, 2008 at 2:44 PM, Peter Jeremy
> On 2008-Dec-03 17:40:01 -0500, Benjie Chen <benjie@xxxxxxxxxxx> wrote:
>> When I had two IPs from two different subnets configured for the two
>> NICs, I had the same error. So while I did have a configuration issue,
>> the problem with replicated SYNs did occur even when the two NICs had
>> IP addresses on different networks.
> OK, that does sound wrong. Can you describe that setup please - what
> local addresses/netmasks and routes did you have and what was the
> remote IP address.
> Please excuse any delays as the result of my ISP's inability to implement
> an MTA that is either RFC2821-compliant or matches their claimed behaviour.