I seem to be having a problem with all of my CentOS5 machines, which do not seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
---
I've done a tcpdump, and it would appear as if I receive a TCP RST when attempting to request pages - yet this appears to work for other websites.
So far, I've been able to narrow down that this is only happening on my CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially as it only affects certain websites.
Regards, Garron Kramer
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub ? Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which do not seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST when attempting to request pages - yet this appears to work for other websites.
So far, I've been able to narrow down that this is only happening on my CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially as it only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Ops I have the same at home :-) My Centos5 is not working too but my 4.x is working well !!!
I look like www.debtbusterloans.com return packet with bad checksum. Centos4 accept it, but Centos5 ignore it
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub ? Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which do not seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST when attempting to request pages - yet this appears to work for other websites.
So far, I've been able to narrow down that this is only happening on my CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially as it only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Alain Spineux aspineux gmail com May the sources be with you
Here are my own tcpdump, this is only the connection part. 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen) Lines are grouped 2 by 2 I see two strenge things : - the windows is only 46bytes large ! - the centos4 send a packed with a bad checksum!
21:10:26.841544 IP (tos 0x10, ttl 64, id 31172, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S, cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss 1460,sackOK,timestamp 626170478 0,nop,wscale 7> 21:07:46.854517 IP (tos 0x10, ttl 64, id 16300, offset 0, flags [DF], proto 6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S [tcp sum ok] 830506483:830506483(0) win 5840 <mss 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
21:10:26.884069 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S, cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> 21:07:46.881494 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto 6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S [tcp sum ok] 2040411689:2040411689(0) ack 830506484 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:10:26.884120 IP (tos 0x10, ttl 64, id 31173, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: ., cksum 0x3fff (correct), ack 1 win 46 21:07:46.881575 IP (tos 0x10, ttl 64, id 16302, offset 0, flags [DF], proto 6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: . [tcp sum ok] ack 1 win 1460
21:10:30.317344 IP (tos 0x10, ttl 64, id 31174, offset 0, flags [DF], proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P, cksum 0x6b7d (correct), 1:8(7) ack 1 win 46 21:07:55.031547 IP (tos 0x10, ttl 64, id 16304, offset 0, flags [DF], proto 6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
21:10:30.363124 IP (tos 0x0, ttl 53, id 4389, offset 0, flags [DF], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: ., cksum 0x2956 (correct), ack 8 win 5840 21:07:55.054752 IP (tos 0x0, ttl 53, id 10784, offset 0, flags [DF], proto 6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: . [tcp sum ok] ack 8 win 5840
21:11:15.504130 IP (tos 0x0, ttl 20, id 1, offset 0, flags [none], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36570: R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0 21:07:55.114216 IP (tos 0x0, ttl 53, id 10785, offset 0, flags [DF], proto 6, length: 1500) 87.86.7.52.http > 192.168.23.11.33258: . 1:1461(1460) ack 8 win 5840
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Ops I have the same at home :-) My Centos5 is not working too but my 4.x is working well !!!
I look like www.debtbusterloans.com return packet with bad checksum. Centos4 accept it, but Centos5 ignore it
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub ? Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which do not seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST when attempting to request pages - yet this appears to work for other websites.
So far, I've been able to narrow down that this is only happening on my CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially as it only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you
On 28/09/2007, Alain Spineux aspineux@gmail.com wrote:
Here are my own tcpdump, this is only the connection part. 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen) Lines are grouped 2 by 2 I see two strenge things :
- the windows is only 46bytes large !
- the centos4 send a packed with a bad checksum!
21:10:26.841544 IP (tos 0x10, ttl 64, id 31172, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S, cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss 1460,sackOK,timestamp 626170478 0,nop,wscale 7> 21:07:46.854517 IP (tos 0x10, ttl 64, id 16300, offset 0, flags [DF], proto 6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S [tcp sum ok] 830506483:830506483(0) win 5840 <mss 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
21:10:26.884069 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S, cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> 21:07:46.881494 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto 6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S [tcp sum ok] 2040411689:2040411689(0) ack 830506484 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:10:26.884120 IP (tos 0x10, ttl 64, id 31173, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: ., cksum 0x3fff (correct), ack 1 win 46 21:07:46.881575 IP (tos 0x10, ttl 64, id 16302, offset 0, flags [DF], proto 6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: . [tcp sum ok] ack 1 win 1460
21:10:30.317344 IP (tos 0x10, ttl 64, id 31174, offset 0, flags [DF], proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P, cksum 0x6b7d (correct), 1:8(7) ack 1 win 46 21:07:55.031547 IP (tos 0x10, ttl 64, id 16304, offset 0, flags [DF], proto 6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
21:10:30.363124 IP (tos 0x0, ttl 53, id 4389, offset 0, flags [DF], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: ., cksum 0x2956 (correct), ack 8 win 5840 21:07:55.054752 IP (tos 0x0, ttl 53, id 10784, offset 0, flags [DF], proto 6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: . [tcp sum ok] ack 8 win 5840
21:11:15.504130 IP (tos 0x0, ttl 20, id 1, offset 0, flags [none], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36570: R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0 21:07:55.114216 IP (tos 0x0, ttl 53, id 10785, offset 0, flags [DF], proto 6, length: 1500) 87.86.7.52.http > 192.168.23.11.33258: . 1:1461(1460) ack 8 win 5840
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Ops I have the same at home :-) My Centos5 is not working too but my 4.x is working well !!!
I look like www.debtbusterloans.com return packet with bad checksum. Centos4 accept it, but Centos5 ignore it
On 9/28/07, Alain Spineux aspineux@gmail.com wrote:
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub
?
Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which
do not
seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST
when
attempting to request pages - yet this appears to work for other
websites.
So far, I've been able to narrow down that this is only happening on
my
CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially
as it
only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Alain,
I'm seeing exactly the same issues as yourself.
I've got multiple CentOS5 machines and CentOS4.4 machines in my office network - as well as CentOS4.4 and CentOS5 at home - I'm seeing exactly the same issues behind iptables and BSD PF NAT.
I'm hoping someone will be able to suggest an answer - as my primary proxy server at the office is built on a CentOS5 machine.
Re your TCPdump... I see exactly the same thing as yourself. TCP session opens successfully, but as soon as you request a page, the session is closed.
Any ideas?
Regards, Garron
It could be a BUG in the kernel. I got the same on multiple architecture/hardware (fc6, fc7, centos5)
2.6.22.5-76.fc7 EVO n610c 2.6.20-2925.9.fc7xen DOM-0 on DELL PRECISION 360 2.6.18-1.2849.fc6 (in vmware) 2.6.18-8.el5xen DOM-X on DELL 360
but it works on:
centos 4.X 2.6.9-34.ELsmp windows XP ubuntu 7.X 2.6.20-15-generic
On 9/30/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
On 28/09/2007, Alain Spineux aspineux@gmail.com wrote:
Here are my own tcpdump, this is only the connection part. 192.168.23.11 is a centos4, .14 is a centos5 (2.6.18-8.el5xen) Lines are grouped 2 by 2 I see two strenge things :
- the windows is only 46bytes large !
- the centos4 send a packed with a bad checksum!
21:10: 26.841544 IP (tos 0x10, ttl 64, id 31172, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.23.14.36608 > 87.86.7.52.http: S, cksum 0x53a4 (correct), 1955586986:1955586986(0) win 5840 <mss 1460,sackOK,timestamp 626170478 0,nop,wscale 7> 21:07:46.854517 IP (tos 0x10, ttl 64, id 16300, offset 0, flags [DF], proto 6 , length: 60) 192.168.23.11.33258 > 87.86.7.52.http: S [tcp sum ok] 830506483:830506483(0) win 5840 <mss 1460,sackOK,timestamp 2948184671 0,nop,wscale 2>
21:10:26.884069 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto: TCP (6), length: 52) 87.86.7.52.http > 192.168.23.14.36608: S, cksum 0xe891 (correct), 1450179434:1450179434(0) ack 1955586987 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0> 21:07:46.881494 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto 6 , length: 52) 87.86.7.52.http > 192.168.23.11.33258: S [tcp sum ok] 2040411689:2040411689(0) ack 830506484 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 0>
21:10:26.884120 IP (tos 0x10, ttl 64, id 31173, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.23.14.36608 > 87.86.7.52.http: ., cksum 0x3fff (correct), ack 1 win 46 21:07:46.881575 IP (tos 0x10, ttl 64, id 16302, offset 0, flags [DF], proto 6 , length: 40) 192.168.23.11.33258 > 87.86.7.52.http: . [tcp sum ok] ack 1 win 1460
21:10:30.317344 IP (tos 0x10, ttl 64, id 31174, offset 0, flags [DF], proto: TCP (6), length: 47) 192.168.23.14.36608 > 87.86.7.52.http: P, cksum 0x6b7d (correct), 1:8(7) ack 1 win 46 21:07:55.031547 IP (tos 0x10, ttl 64, id 16304, offset 0, flags [DF], proto 6 , length: 47) 192.168.23.11.33258 > 87.86.7.52.http: P [bad tcp cksum 365f (->b5e9)!] 1:8(7) ack 1 win 1460
21:10:30.363124 IP (tos 0x0, ttl 53, id 4389, offset 0, flags [DF], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36608: ., cksum 0x2956 (correct), ack 8 win 5840 21:07:55.054752 IP (tos 0x0, ttl 53, id 10784, offset 0, flags [DF], proto 6 , length: 40) 87.86.7.52.http > 192.168.23.11.33258: . [tcp sum ok] ack 8 win 5840
21:11:15.504130 IP (tos 0x0, ttl 20, id 1, offset 0, flags [none], proto: TCP (6), length: 40) 87.86.7.52.http > 192.168.23.14.36570: R, cksum 0xa6df (correct), 235172837:235172837(0) ack 1829917834 win 0 21:07:55.114216 IP (tos 0x0, ttl 53, id 10785, offset 0, flags [DF], proto 6, length: 1500) 87.86.7.52.http > 192.168.23.11.33258: . 1:1461(1460) ack 8 win 5840
On 9/28/07, Alain Spineux < aspineux@gmail.com> wrote:
Ops I have the same at home :-) My Centos5 is not working too but my 4.x is working well !!!
I look like www.debtbusterloans.com return packet with bad checksum. Centos4 accept it, but Centos5 ignore it
On 9/28/07, Alain Spineux <aspineux@gmail.com > wrote:
Hi
Are eagle and Mailscanner on the same network, on the same switch/hub
?
Can you post your tcpdump for both connection. What is the NIC ?
On 9/27/07, Garron Kramer garron.gmail@epidemic.co.za wrote:
I seem to be having a problem with all of my CentOS5 machines, which
do not
seem to be a problem with CentOS4.4:
[garron@MailScanner ~]$ telnet www.debtbusterloans.com 80 Trying 87.86.7.52.. . Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET / HTTP/1.1 200 OK Date: Thu, 27 Sep 2007 10:34:24 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache ...
Yet:
[root@eagle ~]# telnet www.debtbusterloans.com 80 Trying 87.86.7.52... Connected to www.debtbusterloans.com (87.86.7.52). Escape character is '^]'. GET /
Connection closed by foreign host. [root@eagle ~]#
I've done a tcpdump, and it would appear as if I receive a TCP RST
when
attempting to request pages - yet this appears to work for other
websites.
So far, I've been able to narrow down that this is only happening on
my
CentOS5 machines and not CentOS4.4Server installations.
Could anyone please advise? Its the strangest problem - especially
as it
only affects certain websites.
Regards, Garron Kramer _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you
-- Alain Spineux aspineux gmail com May the sources be with you _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Alain,
I'm seeing exactly the same issues as yourself.
I've got multiple CentOS5 machines and CentOS4.4 machines in my office network - as well as CentOS4.4 and CentOS5 at home - I'm seeing exactly the same issues behind iptables and BSD PF NAT.
I'm hoping someone will be able to suggest an answer - as my primary proxy server at the office is built on a CentOS5 machine.
Re your TCPdump... I see exactly the same thing as yourself. TCP session opens successfully, but as soon as you request a page, the session is closed.
Any ideas?
Regards, Garron _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Alain Spineux -
Garron Kramer