I have a strange problem (at least to me). I have a small test network setup as follows:

    OBSD43 laptop =LAN= OBSD43 firewall =DMZ= OBSD43 server

Almost with regularity, the first connection attempt (after some as yet undetermined amount of time) between the laptop and the server will hang and often time out depending on the application. I attached tcpdump to all interfaces involved and it would seem that the packets captured by tcpdump on the DMZ interface of the firewall are different than those actually sent out by the server (as per the capture on the server). The difference is only in a bad cksum:

    Aug 28 20:51:00.732550 00:02:fd:20:2c:51 00:30:68:01:00:10 0800 60: 192.168.1.81.995 > 192.168.2.92.1032: S [tcp sum ok] 1764937020:1764937020(0) ack 3182877356 win 16384 <mss 1460> (DF) (ttl 64, id 57258, len 44, bad cksum b565! differs by feff)

Indeed, the cksum on the packet as captured on the server was b465 not b565. Also, the difference, every time, is always feff.

So, the reason why the first connection (whether SSH, HTTP, HTTPS, IMAPS, etc.) hangs and sometimes times out is because of some bad cksum causing delays in the communication as the packet has to be retransmitted multiple times. This only appears to happen during the SYN/SYN+ACK/ACK sequence in establishing a connection. After that first connection, however, all the rest of the connections, even one to the same port, succeed without errors (for some period of time).

Any ideas as to what could be causing this? And why would the difference in the cksum always be feff? Could it be a bad cable, bad switch, bad network card on the firewall/server? If any, why does it only seem to be the first connection attempt?

On the server I have:

    rl0 at pci2 dev 10 function 0 "Realtek 8139" rev 0x10: irq 9, address 00:30:bd:05:24:c2
    rlphy0 at rl0 phy 0: RTL internal PHY

On the firewall:

    rl0 at pci0 dev 16 function 0 "Realtek 8139" rev 0x10: irq 9, address 00:30:68:01:00:10
    rlphy0 at rl0 phy 0: RTL internal PHY

On the laptop:

    wi0 at pcmcia0 function 0 "Intel, PRO/Wireless 2011 LAN PC Card, 1.00" port 0xa000/64
    wi0: Symbol PRISM2 HFA3841(EVB2) (0x8000), Firmware 2.1.2 (primary), 2.51.4 (station), address 00:03:47:b4:88:17

The switch on the DMZ is a Linksys 5 port. Although at this point I doubt it has anything to do with the laptop.

Thanks,
Ludwig