No SYNACK to port 80? - Networking



Thread: No SYNACK to port 80?

  1. No SYNACK to port 80?

    This is copied from linux.debian.user since no one is responding over
    there.

    >Hi there. I'm having a strange problem. Sometimes, for short periods
    >of time, when connecting to my web server from an external IP address,
    >the connection doesn't complete. But at the same time, I can connect
    >from a local ip address.


    >I ran tshark on the machine to monitor traffic when these "short
    >periods" happen and I noticed that for external connections, my
    >machine is not replying to the ACK in the three-way handshake.


    > 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >Len=0 MSS=1460 WS=2
    > 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >Len=0 MSS=1460 WS=2
    > 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >Len=0 MSS=1460


    >I don't have iptables installed, and SELinux is not enabled.


    >It happened again, and I captured the raw packets. There is NO
    >difference between two packets coming in except one is from an
    >external IP and one is from an internal one.
    >The internal one is replied to with SYNACK and the external one is
    >ignored. I'm not sure how to continue debugging this. I can post my
    >raw capture.


    And netstat -a is reporting SYN_RECV for the connections coming in
    when this "delay" period happens.

  2. Re: No SYNACK to port 80?

    St. John Johnson wrote:
    > This is copied from linux.debian.user since no one is responding over
    > there.
    >
    >> Hi there. I'm having a strange problem. Sometimes, for short periods
    >> of time, when connecting to my web server from an external IP address,
    >> the connection doesn't complete. But at the same time, I can connect
    >> from a local ip address.

    >
    >> I ran tshark on the machine to monitor traffic when these "short
    >> periods" happen and I noticed that for external connections, my
    >> machine is not replying to the ACK in the three-way handshake.

    >
    >> 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >> Len=0 MSS=1460 WS=2
    >> 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >> Len=0 MSS=1460 WS=2
    >> 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    >> Len=0 MSS=1460

    >
    >> I don't have iptables installed, and SELinux is not enabled.

    >
    >> It happened again, and I captured the raw packets. There is NO
    >> difference between two packets coming in except one is from an
    >> external IP and one is from an internal one.
    >> The internal one is replied to with SYNACK and the external one is
    >> ignored. I'm not sure how to continue debugging this. I can post my
    >> raw capture.

    >
    > And netstat -a is reporting SYN_RECV for the connections coming in
    > when this "delay" period happens.


    check your firewall settings !

  3. Re: No SYNACK to port 80?

    On Feb 9, 5:50 am, goarilla <"kevin DOT paulus AT skynet DOT be">
    wrote:
    > St. John Johnson wrote:
    > > This is copied from linux.debian.user since no one is responding over
    > > there.

    >
    > >> Hi there. I'm having a strange problem. Sometimes, for short periods
    > >> of time, when connecting to my web server from an external IP address,
    > >> the connection doesn't complete. But at the same time, I can connect
    > >> from a local ip address.

    >
    > >> I ran tshark on the machine to monitor traffic when these "short
    > >> periods" happen and I noticed that for external connections, my
    > >> machine is not replying to the ACK in the three-way handshake.

    >
    > >> 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > >> Len=0 MSS=1460 WS=2
    > >> 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > >> Len=0 MSS=1460 WS=2
    > >> 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > >> Len=0 MSS=1460

    >
    > >> I don't have iptables installed, and SELinux is not enabled.

    >
    > >> It happened again, and I captured the raw packets. There is NO
    > >> difference between two packets coming in except one is from an
    > >> external IP and one is from an internal one.
    > >> The internal one is replied to with SYNACK and the external one is
    > >> ignored. I'm not sure how to continue debugging this. I can post my
    > >> raw capture.

    >
    > > And netstat -a is reporting SYN_RECV for the connections coming in
    > > when this "delay" period happens.

    >
    > check your firewall settings !


    What firewall settings? I don't have iptables on. I can see the SYN
    packets coming in, but my computer is not sending the SYNACK back.
    And this only happens once in a while. With external IP addresses
    only.

  4. Re: No SYNACK to port 80?

    On Feb 9, 1:04 pm, "St. John Johnson"
    wrote:
    > On Feb 9, 5:50 am, goarilla <"kevin DOT paulus AT skynet DOT be">
    > wrote:
    >
    >
    >
    > > St. John Johnson wrote:
    > > > This is copied from linux.debian.user since no one is responding over
    > > > there.

    >
    > > >> Hi there. I'm having a strange problem. Sometimes, for short periods
    > > >> of time, when connecting to my web server from an external IP address,
    > > >> the connection doesn't complete. But at the same time, I can connect
    > > >> from a local ip address.

    >
    > > >> I ran tshark on the machine to monitor traffic when these "short
    > > >> periods" happen and I noticed that for external connections, my
    > > >> machine is not replying to the ACK in the three-way handshake.

    >
    > > >> 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > >> Len=0 MSS=1460 WS=2
    > > >> 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > >> Len=0 MSS=1460 WS=2
    > > >> 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > >> Len=0 MSS=1460

    >
    > > >> I don't have iptables installed, and SELinux is not enabled.

    >
    > > >> It happened again, and I captured the raw packets. There is NO
    > > >> difference between two packets coming in except one is from an
    > > >> external IP and one is from an internal one.
    > > >> The internal one is replied to with SYNACK and the external one is
    > > >> ignored. I'm not sure how to continue debugging this. I can post my
    > > >> raw capture.

    >
    > > > And netstat -a is reporting SYN_RECV for the connections coming in
    > > > when this "delay" period happens.

    >
    > > check your firewall settings !

    >
    > What firewall settings? I don't have iptables on. I can see the SYN
    > packets coming in, but my computer is not sending the SYNACK back.
    > And this only happens once in a while. With external IP addresses
    > only.


    Anyone? I'm clueless here how to continue.

  5. Re: No SYNACK to port 80?

    On Feb 10, 1:41 pm, "St. John Johnson"
    wrote:
    > On Feb 9, 1:04 pm, "St. John Johnson"
    > wrote:
    >
    >
    >
    > > On Feb 9, 5:50 am, goarilla <"kevin DOT paulus AT skynet DOT be">
    > > wrote:

    >
    > > > St. John Johnson wrote:
    > > > > This is copied from linux.debian.user since no one is responding over
    > > > > there.

    >
    > > > >> Hi there. I'm having a strange problem. Sometimes, for short periods
    > > > >> of time, when connecting to my web server from an external IP address,
    > > > >> the connection doesn't complete. But at the same time, I can connect
    > > > >> from a local ip address.

    >
    > > > >> I ran tshark on the machine to monitor traffic when these "short
    > > > >> periods" happen and I noticed that for external connections, my
    > > > >> machine is not replying to the ACK in the three-way handshake.

    >
    > > > >> 0.000000 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > > >> Len=0 MSS=1460 WS=2
    > > > >> 3.006786 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > > >> Len=0 MSS=1460 WS=2
    > > > >> 8.973167 69.120.132.213 -> 10.1.1.202 TCP 52197 > www [SYN] Seq=0
    > > > >> Len=0 MSS=1460

    >
    > > > >> I don't have iptables installed, and SELinux is not enabled.

    >
    > > > >> It happened again, and I captured the raw packets. There is NO
    > > > >> difference between two packets coming in except one is from an
    > > > >> external IP and one is from an internal one.
    > > > >> The internal one is replied to with SYNACK and the external one is
    > > > >> ignored. I'm not sure how to continue debugging this. I can post my
    > > > >> raw capture.

    >
    > > > > And netstat -a is reporting SYN_RECV for the connections coming in
    > > > > when this "delay" period happens.

    >
    > > > check your firewall settings !

    >
    > > What firewall settings? I don't have iptables on. I can see the SYN
    > > packets coming in, but my computer is not sending the SYNACK back.
    > > And this only happens once in a while. With external IP addresses
    > > only.

    >
    > Anyone? I'm clueless here how to continue.


    I figured this out. It was my routing table. I have two Ethernet
    cards and one of them cannot communicate with external IPs (eth1).
    The SYN packet was coming in eth0, the routing table was ambiguous
    about where to send that packet as there was a default route for both
    eth0 and eth1, and at the time, eth1 seemed to be faster. According
    to the default kernel settings (if I'm correct) packet forwarding is
    disabled, so no SYNACK was sent back, it was just ignored. I fixed
    this by removing the default route for eth1 as it was not needed.
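
A check for the condition described in the last post, as an added example that is not part of the original thread: it reads `ip -4 route show` output and flags default routes on more than one interface. It goes slightly beyond the post by comparing route metrics (the lowest metric wins, so only ties are ambiguous); the gateway addresses and the eth1 subnet in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag a routing table whose preferred default route is
# shared by more than one interface (the situation in the last post).

# Constructed sample in `ip -4 route show` format (not from the thread;
# the gateway addresses and the eth1 subnet are made up).
SAMPLE_ROUTES='default via 10.1.1.1 dev eth0
default via 192.168.5.1 dev eth1
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.202
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.10'

# Print "iface metric" for every default route read from stdin.
# A route listed without an explicit metric has metric 0.
default_routes() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        if (dev != "") print dev, metric
    }'
}

# Return 1 and name the interfaces when the lowest metric is shared by
# default routes on more than one interface; return 0 otherwise.
check_default_routes() {
    local best
    best=$(default_routes | sort -k2,2n | awk '
        NR == 1 { min = $2 }
        $2 == min && !seen[$1]++ { printf "%s%s", sep, $1; sep = " " }')
    set -- $best
    if [ "$#" -gt 1 ]; then
        echo "ambiguous default route: $best"
        return 1
    fi
    echo "single default route: ${best:-none}"
    return 0
}

# On a live host: ip -4 route show | check_default_routes
printf '%s\n' "$SAMPLE_ROUTES" | check_default_routes || true
```
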
