I have A SuSE machine running as a NAT machine. On the internal LAN is a Windows machine, and two Debian testing/unstable machines (one is a laptop).
The desktop Debian 'bumby' works fine most of the time, although I noticed that I could not reach (at my son's request) lego.com. I thought it was down, as traceroute failed (although they probably are blocking pings). But, when I tried from the Debian laptop I can reach lego.com. On the SuSE NAT machine netstat -M shows both connections: prot expire source destination ports tcp 1:56.02 bumby www.lego.com 40828 -> www-http (61123) tcp 1:59.79 laptop www.lego.com 1026 -> www-http (61124) And there is not a firewall running on the SuSE machine: > ipchains -L -n Chain input (policy ACCEPT): Chain forward (policy ACCEPT): target prot opt source destination ports MASQ all ------ 192.168.0.0/24 0.0.0.0/0 n/a Chain output (policy ACCEPT): Here's a "tcpdump host www.lego.com" on the NAT machine. The laptop is running testing with 2.4.18 and the desktop (bumby) is running testing/unstable with 2.4.20. I suppose the difference in the flag is the difference in the TCP/IP stack in the two kernels. I assume it's the server failing to deal with the ECN-Echo or CWR flag. Seems like the only significant difference. lego.com sets a cookie with "ASPSESSION..." which makes me suspect IIS. I'm no expert with tcpdump... First tcpdump of the laptop connection: 15:44:05.501142 laptop.1029 > www.lego.com.http: S 461862062:461862062(0) win 5840 <mss 1460,sackOK,timestamp 139840 0,nop,wscale 0> (DF) 15:44:05.593932 www.lego.com.http > laptop.1029: S 2028817538:2028817538(0) ack 461862063 win 64240 <mss 1380,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF) 15:44:05.597874 laptop.1029 > www.lego.com.http: . 1:1(0) ack 1 win 5840 <nop,nop,timestamp 139850 0> (DF) 15:44:05.605551 laptop.1029 > www.lego.com.http: P 1:459(458) ack 1 win 5840 <nop,nop,timestamp 139851 0> (DF) 15:44:05.737622 www.lego.com.http > laptop.1029: P 1:260(259) ack 459 win 63782 <nop,nop,timestamp 42968557 139851> (DF) 15:44:05.740119 www.lego.com.http > laptop.1029: FP 260:401(141) ack 459 win 63782 <nop,nop,timestamp 42968557 139851> (DF) 15:44:05.742671 laptop.1029 > www.lego.com.http: . 459:459(0) ack 260 win 6432 <nop,nop,timestamp 139864 42968557> (DF) 15:44:05.783058 laptop.1029 > www.lego.com.http: . 459:459(0) ack 402 win 7504 <nop,nop,timestamp 139869 42968557> (DF) Now of the Desktop: > tcpdump host www.lego.com User level filter, protocol ALL, datagram packet socket tcpdump: listening on eth0 15:46:58.791804 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55055407 0,nop,wscale 0> (DF) 15:47:01.785164 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55055707 0,nop,wscale 0> (DF) 15:47:07.784961 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55056307 0,nop,wscale 0> (DF) 15:47:19.784555 bumby.41055 > www.lego.com.http: S [ECN-Echo,CWR] 632915726:632915726(0) win 5840 <mss 1460,sackOK,timestamp 55057507 0,nop,wscale 0> (DF) What's happening? -- Bill Moseley [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
