More on Solaris 2.6 / IP Filter problems

From: Michael Fuhr <mfuhr@dont-contact.us>
Date: Fri, 10 Jul 1998 19:00:31 -0600

I have some more info on the troubles I've seen with IP Filter 3.2.9
and Solaris 2.6:

Occasionally the server sends a response packet back to the client
with the forwarded port number (3128) instead of the port the
client thinks it's talking to (80). Here's an example:

TCP setup:

    client.52176 > server.80: S 17466973:17466973(0)
    server.80 > client.52176: S 552863215:552863215(0) ack 17466974
    client.52176 > server.80: . ack 552863216

"GET / HTTP/1.0" and server's ack:

    client.52176 > server.80: P 17466974:17466990(16) ack 552863216
    server.80 > client.52176: . ack 17466990

"Host: www.dimensional.com" and server's ack:

    client.52176 > server.80: P 17466990:17467017(27) ack 552863216
    server.80 > client.52176: . ack 17467017

CRLF and server's ack:

    client.52176 > server.80: P 17467017:17467019(2) ack 552863216
    server.80 > client.52176: . ack 17467019

Server starts to send data:

    server.80 > client.52176: P 552863216:552863745(529) ack 17467019

Server sends more data, but note server's port number; the client's port
and the ack'd sequence number are correct, so this definitely appears to
be the same connection:

    server.3128 > client.52176: P 552863745:552864257(512) ack 17467019

Client says "whuh?":

    client.52176 > server.3128: R 17467019:17467019(0)

Client acks data sent earlier; server says "whuh?":

    client.52176 > server.80: . ack 552863745
    server.80 > client.52176: R 552863745:552863745(0)

I'm not sure why this is happening but I also see similar problems with
other services, so it doesn't appear to be related to Squid. I'll
bring this up in the ipfilter mailing list but I wanted to keep this
list informed since it affects transparent proxying.

Can anyone using IP Filter on Solaris 2.6 confirm or deny this problem?

-- 
Michael Fuhr
http://www.fuhr.net/~mfuhr/
Received on Fri Jul 10 1998 - 18:01:41 MDT
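
An added example, not part of the original post: a Python check over tcpdump-style lines like those above that flags a segment whose source port differs from an established flow between the same hosts, yet whose sequence number continues that flow, which is the symptom of a redirected port leaking through un-translated. The function name and the simplified line format are assumptions; the sample lines are copied from the trace in the post.

```python
import re

# Sample input: the summarized tcpdump lines from the trace in the post.
TRACE = """\
client.52176 > server.80: S 17466973:17466973(0)
server.80 > client.52176: S 552863215:552863215(0) ack 17466974
client.52176 > server.80: . ack 552863216
client.52176 > server.80: P 17466974:17466990(16) ack 552863216
server.80 > client.52176: . ack 17466990
client.52176 > server.80: P 17466990:17467017(27) ack 552863216
server.80 > client.52176: . ack 17467017
client.52176 > server.80: P 17467017:17467019(2) ack 552863216
server.80 > client.52176: . ack 17467019
server.80 > client.52176: P 552863216:552863745(529) ack 17467019
server.3128 > client.52176: P 552863745:552864257(512) ack 17467019
client.52176 > server.3128: R 17467019:17467019(0)
client.52176 > server.80: . ack 552863745
server.80 > client.52176: R 552863745:552863745(0)
"""

# host.port > host.port: FLAGS [seq:end(len)] [ack N]  (simplified format, an assumption)
LINE = re.compile(
    r"(?P<sh>\S+)\.(?P<sp>\d+) > (?P<dh>\S+)\.(?P<dp>\d+): (?P<fl>\S+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))?"
)

def find_port_mismatches(trace):
    """Return (line_no, seen_port, expected_port) for segments on an unknown
    flow whose sequence number continues a known flow to the same peer."""
    next_seq = {}  # (src_host, src_port, dst_host, dst_port) -> next expected seq
    findings = []
    for no, line in enumerate(trace.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m or m["seq"] is None:
            continue  # unparsed line or pure ACK: no sequence range to track
        key = (m["sh"], m["sp"], m["dh"], m["dp"])
        seq, end = int(m["seq"]), int(m["end"])
        if key not in next_seq and "S" not in m["fl"]:
            # Same hosts and peer port, different source port, contiguous seq
            for (sh, sp, dh, dp), expected in next_seq.items():
                if (sh, dh, dp) == (key[0], key[2], key[3]) and expected == seq:
                    findings.append((no, int(key[1]), int(sp)))
        # SYN and FIN each consume one sequence number
        next_seq[key] = end + (1 if set(m["fl"]) & {"S", "F"} else 0)
    return findings

if __name__ == "__main__":
    print(find_port_mismatches(TRACE))
```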
