Re: [squid-users] squid, iptables and virtual server addresses

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 18 Jun 2001 22:11:28 +0200

Robin Stevens wrote:

> Requests to wwwcache.ox.ac.uk 8080 are handled fine by our existing Solaris
> 8/ipfilter and Linux 2.2/ipchains servers. However, under Linux 2.4 they
> don't work, although intercepted traffic is working fine. Running tcpdump
> on both client and server reveals why:
>
> As seen by server:
>
> client 15635 > server 8080 SYN
> server 8080 > client 15635 SYN,ACK
> client 15635 > server 8080 RST
> client 15365 > server 8080 SYN [retries conversation]
>
> Looks reasonable at first, but why is the client resetting? A look at the
> client end reveals why (where wwwcache is the _virtual_ server's IP):
>
> client 3762 > wwwcache 8080 SYN
> server 8080 > client 15635 SYN,ACK
> client 15635 > server 8080 RST
> client 3762 > wwwcache 8080 SYN [retries conversation]

Hmm.. iptables REDIRECT does not mess with the client port (only the
server address,port), which makes me believe that your "L4 switch" is
doing something odd here for the traffic addressed to the virtual
address. Is it possible that return traffic is routed differently in the
new box compared to the old ones?

--
Henrik Nordstrom
Squid Hacker
Received on Mon Jun 18 2001 - 14:25:45 MDT
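As an added illustration (not part of this thread, and not Squid or iptables code), the script below replays a capture like the two quoted above the way the client's TCP stack would: a SYN,ACK whose source address or destination port does not mirror an outstanding SYN has no connection to attach to, so the only thing the stack can do is answer with a RST, which is exactly what both captures show. The host names, ports and trace lines are re-typed from the mail as sample input; the simplified `host port > host port FLAGS` line format (rather than real tcpdump output), the `parse_trace`, `find_orphaned_synacks` and `diagnose` functions, and the `Packet`/`Orphan` types are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines look like "client 3762 > wwwcache 8080 SYN"; anything after the
# flags (e.g. "[retries conversation]") is ignored.
LINE_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+>\s+(\S+)\s+(\d+)\s+(\S+)")

# Sample input: the two captures from the mail, re-typed here.
CLIENT_SIDE_TRACE = """\
client 3762 > wwwcache 8080 SYN
server 8080 > client 15635 SYN,ACK
client 15635 > server 8080 RST
client 3762 > wwwcache 8080 SYN [retries conversation]
"""

SERVER_SIDE_TRACE = """\
client 15635 > server 8080 SYN
server 8080 > client 15635 SYN,ACK
client 15635 > server 8080 RST
client 15635 > server 8080 SYN [retries conversation]
"""


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


@dataclass(frozen=True)
class Orphan:
    packet: Packet                            # the SYN,ACK nothing was waiting for
    expected_peer: Optional[Tuple[str, int]]  # where that client's SYN actually went
    reason: str


def parse_trace(text: str) -> List[Packet]:
    packets: List[Packet] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            src, sport, dst, dport, flags = m.groups()
            packets.append(Packet(src, int(sport), dst, int(dport), flags.upper()))
    return packets


def find_orphaned_synacks(packets: List[Packet]) -> List[Orphan]:
    """Replay the trace as the client's stack sees it. A SYN opens a SYN_SENT
    entry keyed by the full 4-tuple; a SYN,ACK must arrive on the mirrored
    4-tuple, otherwise no connection claims it and the stack replies with RST."""
    pending: Dict[Tuple[str, int, str, int], None] = {}  # dict keeps insertion order
    orphans: List[Orphan] = []
    for p in packets:
        if p.flags == "SYN":
            pending[(p.src, p.sport, p.dst, p.dport)] = None
        elif p.flags == "SYN,ACK":
            mirrored = (p.dst, p.dport, p.src, p.sport)
            if mirrored in pending:
                pending.pop(mirrored)
                continue
            # Pick the SYN this client most plausibly sent, to explain the mismatch.
            candidates = [t for t in pending if t[0] == p.dst]
            if not candidates:
                orphans.append(Orphan(p, None, "no SYN in flight from this client"))
                continue
            c, cport, s, sport = candidates[0]
            diffs = []
            if s != p.src:
                diffs.append(f"reply comes from {p.src}, SYN was sent to {s}")
            if cport != p.dport:
                diffs.append(f"reply is addressed to client port {p.dport}, SYN used port {cport}")
            if sport != p.sport:
                diffs.append(f"reply source port {p.sport} differs from SYN destination port {sport}")
            orphans.append(Orphan(p, (s, sport), "; ".join(diffs)))
    return orphans


def diagnose(trace: str) -> List[str]:
    """One human-readable finding per orphaned SYN,ACK in the trace."""
    return [
        f"{o.packet.src}:{o.packet.sport} > {o.packet.dst}:{o.packet.dport} SYN,ACK unmatched: {o.reason}"
        for o in find_orphaned_synacks(parse_trace(trace))
    ]


if __name__ == "__main__":
    for name, trace in (("client side", CLIENT_SIDE_TRACE), ("server side", SERVER_SIDE_TRACE)):
        print(f"{name}:")
        for line in diagnose(trace) or ["every SYN,ACK matched a pending SYN"]:
            print("  " + line)
```

Run against the client-side capture it reports the single SYN,ACK that arrives from the real server address and at a client port the client never used, which is the two-field mismatch Henrik points at (REDIRECT alone would change neither); the server-side capture produces no finding, because from that vantage point the 4-tuples do mirror each other.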
