
Re: [SAGE] technical help with routing on Solaris 10




On Sun, 27 Nov 2005, Rodrick Brown wrote:
> Try running a snoop -V port 80 and telnet yahoo.com 80 again.
> If you're not getting a SYN_ACK, it's pretty clear that your firewall is
> dropping this packet. You should see a SYN_SENT if you do a netstat -a,
> if you don't kill the telnet session.  Your setup is pretty standard; it
> doesn't look like a routing problem on the host side. I would check the
> firewall logs/rules again.

Well, we're getting closer.  It appears the *reason* I'm not seeing 
the tcpdump packets is that I'm looking for source/destination of 
10.66.0.3, and that filter isn't working.  The snoop above shows:

Using device /dev/bge0 (promiscuous mode)
________________________________
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com ETHER Type=0800 (IP), size = 78 bytes
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com IP  D=66.94.234.13 S=10.66.3.31 LEN=64, ID=65425, TOS=0x0, TTL=64
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com TCP D=80 S=32807 Syn Seq=2773629415 Len=0 Win=32804 Options=<mss 1460,nop,nop,tstamp 1127208 0,nop,wscale 5,nop,nop,sackOK>
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com HTTP C port=32807 
________________________________
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com ETHER Type=0800 (IP), size = 78 bytes
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com IP  D=66.94.234.13 S=10.66.3.31 LEN=64, ID=65426, TOS=0x0, TTL=64
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com TCP D=80 S=32807 Syn Seq=2773629415 Len=0 Win=32804 Options=<mss 1460,nop,nop,tstamp 1127546 0,nop,wscale 5,nop,nop,sackOK>
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com HTTP C port=32807 
________________________________
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com ETHER Type=0800 (IP), size = 78 bytes
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com IP  D=66.94.234.13 S=10.66.3.31 LEN=64, ID=65427, TOS=0x0, TTL=64
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com TCP D=80 S=32807 Syn Seq=2773629415 Len=0 Win=32804 Options=<mss 1460,nop,nop,tstamp 1128222 0,nop,wscale 5,nop,nop,sackOK>
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com HTTP C port=32807 
________________________________
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com ETHER Type=0800 (IP), size = 54 bytes
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com IP  D=66.94.234.13 S=10.66.3.31 LEN=40, ID=65428, TOS=0x0, TTL=64
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com TCP D=80 S=32807 Rst Seq=2773629416 Len=0 Win=32804
im-b00-00.mgt.prd.sec.audible.com -> w2.rc.vip.scd.yahoo.com HTTP C port=32807

Of course, had I thought about it, it occurs to me that I *shouldn't* see 
the traffic going to/from the gateway.  Ugh.  I've been staring at this 
for way too long.

Thanks!

-Adam
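
Added example, not part of the original message: a small Python check that reads snoop -V style TCP summary lines and reports flows where SYNs went out but no SYN-ACK came back, which is the pattern in the capture above. The sample lines, the hostnames and the layout of the SYN-ACK reply line are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of snoop -V TCP summary lines; the
# hostnames and the SYN-ACK reply line are assumptions, not from the capture.
SAMPLE = """\
client.example -> server.example TCP D=80 S=32807 Syn Seq=1000 Len=0 Win=32804 Options=<mss 1460>
client.example -> server.example TCP D=80 S=32807 Syn Seq=1000 Len=0 Win=32804 Options=<mss 1460>
client.example -> server.example TCP D=80 S=32807 Syn Seq=1000 Len=0 Win=32804 Options=<mss 1460>
client.example -> server.example TCP D=80 S=32807 Rst Seq=1001 Len=0 Win=32804
client.example -> other.example TCP D=80 S=32900 Syn Seq=5000 Len=0 Win=32804
other.example -> client.example TCP D=32900 S=80 Syn Ack=5001 Seq=9000 Len=0 Win=65535
"""

# Captures: source host, destination host, D= port, S= port, flag text before Seq=
TCP_LINE = re.compile(r"(\S+) -> (\S+)\s+TCP D=(\d+) S=(\d+)\s+(.*?)Seq=\d+")


def unanswered_syns(text):
    """Return {(src, sport, dst, dport): syn_count} for flows with no SYN-ACK."""
    syn_count = defaultdict(int)
    answered = set()
    for line in text.splitlines():
        m = TCP_LINE.search(line)
        if not m:
            continue  # ETHER, IP and HTTP summary lines carry no TCP flags
        src, dst, flags = m.group(1), m.group(2), m.group(5)
        dport, sport = int(m.group(3)), int(m.group(4))
        if "Syn" in flags and "Ack=" in flags:
            # Reply direction: store it under the initiator's flow key
            answered.add((dst, dport, src, sport))
        elif "Syn" in flags:
            # Retransmitted SYNs (same Seq) simply raise the count
            syn_count[(src, sport, dst, dport)] += 1
    return {f: n for f, n in syn_count.items() if f not in answered}


if __name__ == "__main__":
    for (src, sport, dst, dport), n in unanswered_syns(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {n} SYN(s), no SYN-ACK seen")
```

A flow reported here with several SYNs means the host is sending and nothing is answering, so the next place to look is the firewall or the return path rather than the host's routing table.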