[ previous ] [ next ] [ threads ]
 
 From:  Axel Eble <axel dot eble at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Fwd: [m0n0wall] Incompatibility with Symantec's Velociraptor firewall ?
 Date:  Tue, 19 Oct 2004 17:49:36 +0200
---------- Forwarded message ----------
From: Axel Eble <axel dot eble at gmail dot com>
Date: Tue, 19 Oct 2004 17:49:20 +0200
Subject: Re: [m0n0wall] Incompatibility with Symantec's Velociraptor firewall ?
To: Frank Peschel <frank dot peschel at nexgo dot de>


On Tue, 19 Oct 2004 17:20:55 +0200, Frank Peschel
<frank dot peschel at nexgo dot de> wrote:
> Dear all,
>
> using M0n0wall Version 1.2b1 I encounter problems connecting to e.g. http://www.bios-online.de/ .
>
> Sylog shows messages of the form:
> [DateTime] ipmon[69]: [Time] ng0 @0:31 b [WebServerIP],80 -> [InternalHostIP],[DynPort] PR tcp len
20 48 -A IN
>
> Windows Terminal sessions ARE possible: rdp://www.bios-online.de
>
> I've done a packet capture (see below). Seems all SYN's to port 80 are answered with ACK's instead
of SYN/ACK's
> Not using M0n0wall (Direct Dial-up / whatever) everything works fine and SYN's are answered
correctly by these servers. I believe
> the webserver ist behind a Symantec Velociraptor appliance.
>
> M0n0wall acts correct when blocking the ACK packets because it works stateful and at this time the
TCP three-way-handshake is not
> complete. But what causes the other side to send ACK, not SYN/ACK !?

You were using Internet Explorer, right?

> Kind regards,
> - Frank

Axel

--

VoIP: 8002887 at sipgate dot de * cell: +49.178.285-3265


-- 

VoIP: 8002887 at sipgate dot de * cell: +49.178.285-3265