Hello Axel,

program does not matter. Simple "telnet www.bios-online.de 80" does the same.
Also tested Opera / Mozilla on Windows / Linux.

Bye,
- Frank

-----Original Message-----
From: Axel Eble [mailto:axel dot eble at gmail dot com]
Sent: Tuesday, 19 October 2004 17:50
To: m0n0wall at lists dot m0n0 dot ch
Subject: Fwd: [m0n0wall] Incompatibility with Symantec's Velociraptor firewall ?

---------- Forwarded message ----------
From: Axel Eble <axel dot eble at gmail dot com>
Date: Tue, 19 Oct 2004 17:49:20 +0200
Subject: Re: [m0n0wall] Incompatibility with Symantec's Velociraptor firewall ?
To: Frank Peschel <frank dot peschel at nexgo dot de>

On Tue, 19 Oct 2004 17:20:55 +0200, Frank Peschel <frank dot peschel at nexgo dot de> wrote:
> Dear all,
>
> using M0n0wall Version 1.2b1 I encounter problems connecting to e.g. http://www.bios-online.de/ .
>
> Syslog shows messages of the form:
> [DateTime] ipmon[69]: [Time] ng0 @0:31 b [WebServerIP],80 -> [InternalHostIP],[DynPort] PR tcp len 20 48 -A IN
>
> Windows Terminal sessions ARE possible: rdp://www.bios-online.de
>
> I've done a packet capture (see below). Seems all SYN's to port 80 are answered with ACK's instead of SYN/ACK's
> Not using M0n0wall (Direct Dial-up / whatever) everything works fine and SYN's are answered correctly by these servers. I believe
> the webserver is behind a Symantec Velociraptor appliance.
>
> M0n0wall acts correctly when blocking the ACK packets because it works stateful and at this time the TCP three-way-handshake is not
> complete. But what causes the other side to send ACK, not SYN/ACK !?

You were using Internet Explorer, right?

> Kind regards,
> - Frank

Axel

--
Axel Eble, CISSP * Trienter Str. 6b * 87437 Kempten (Allgäu) * Germany
VoIP: 8002887 at sipgate dot de * cell: +49.178.285-3265
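
One way to pick this symptom out of the firewall log, as an added example that is not part of the original thread: it parses ipmon lines in the layout quoted above and counts blocked inbound TCP segments whose only flag is ACK, grouped by sender. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Layout taken from the syslog line quoted in the thread:
# ipmon[pid]: time iface @group:rule action src,sport -> dst,dport PR tcp len hlen plen -FLAGS IN
IPMON_TCP = re.compile(
    r"ipmon\[\d+\]:\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+"
    r"(?P<action>\S+)\s+(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[^,\s]+),(?P<dport>\d+)\s+PR\s+tcp\s+len\s+\d+\s+\d+\s+"
    r"-(?P<flags>[A-Z]+)\s+(?P<dir>IN|OUT)"
)

def parse(line):
    """Return the fields of one ipmon TCP log line, or None if it does not match."""
    m = IPMON_TCP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["flags"] = frozenset(rec["flags"])  # flag letters, order-independent
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def bare_ack_blocks(lines):
    """Count blocked ('b') inbound segments whose only TCP flag is ACK, per (src, sport)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "b" and rec["dir"] == "IN" and rec["flags"] == {"A"}:
            hits[(rec["src"], rec["sport"])] += 1
    return hits

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE = [
    "Oct 19 17:20:01 fw ipmon[69]: 17:20:00.101 ng0 @0:31 b 192.0.2.10,80 -> 10.0.0.5,1025 PR tcp len 20 48 -A IN",
    "Oct 19 17:20:04 fw ipmon[69]: 17:20:03.102 ng0 @0:31 b 192.0.2.10,80 -> 10.0.0.5,1025 PR tcp len 20 48 -A IN",
    "Oct 19 17:20:05 fw ipmon[69]: 17:20:04.500 ng0 @0:5 p 198.51.100.7,3389 -> 10.0.0.5,1026 PR tcp len 20 48 -AS IN",
    "Oct 19 17:20:06 fw ipmon[69]: 17:20:05.700 ng0 @0:31 b 198.51.100.9,443 -> 10.0.0.5,1027 PR tcp len 20 40 -R IN",
    "Oct 19 17:20:07 fw ipmon[69]: 17:20:06.900 ng0 @0:31 b 192.0.2.44,53 -> 10.0.0.5,1028 PR udp len 20 76 IN",
]

if __name__ == "__main__":
    for (src, sport), n in bare_ack_blocks(SAMPLE).items():
        print(f"{src}:{sport}: {n} blocked ACK-only segment(s)")
```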