[ale] Stumped by Slashdot and network problems
John Wells
lists at sourceillustrated.com
Sat Oct 23 19:46:59 EDT 2004
Guys,
I'm having a network problem regarding which I hope you can provide some
insight. I have an interesting setup, in that I have a NAT'd connection
to the internet, but I also have another NAT'd firewall behind *that*
firewall that allows wireless connections to VPN into my internal LAN via
PPTP (to support Macs).
Everything has been working fine, and I can pull up any site from my
wireless connection. But...if I try slashdot:
[root at airport scripts]# tcpdump host slashdot.org
tcpdump: listening on eth0
03:22:43.001759 172.16.3.2.2143 > slashdot.org.http: F
826142373:826142373(0) ack 2628767187 win 17200 (DF)
03:22:43.002294 172.16.3.2.2174 > slashdot.org.http: S
838336042:838336042(0) win 16384 <mss 860,nop,nop,sackOK> (DF)
03:22:43.111256 slashdot.org.http > 172.16.3.2.2174: S
2761579604:2761579604(0) ack 838336043 win 5840 <mss 1460,nop,nop,sackOK>
(DF) [tos 0x20]
03:22:43.115439 172.16.3.2.2174 > slashdot.org.http: . ack 1 win 17200 (DF)
03:22:43.119546 172.16.3.2.2174 > slashdot.org.http: P 1:481(480) ack 1
win 17200 (DF)
03:22:43.139064 slashdot.org.http > 172.16.3.2.2143: . ack 1 win 6432 (DF)
[tos 0x20]
03:22:43.390118 slashdot.org.http > 172.16.3.2.2174: . ack 481 win 6432
(DF) [tos 0x20]
03:22:48.622356 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481
win 6432 (DF) [tos 0x20]
03:22:48.622786 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
03:22:48.627690 slashdot.org.http > 172.16.3.2.2174: . 861:1721(860) ack
481 win 6432 (DF) [tos 0x20]
03:22:48.627931 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
03:22:51.617229 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481
win 6432 (DF) [tos 0x20]
03:22:51.617486 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
03:22:52.497982 slashdot.org.http > 172.16.3.2.2143: . 1:861(860) ack 1
win 6432 (DF) [tos 0x20]
03:22:52.498089 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
03:22:57.618855 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481
win 6432 (DF) [tos 0x20]
03:22:57.619334 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
03:23:09.622825 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481
win 6432 (DF) [tos 0x20]
03:23:09.623369 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable -
need to frag (mtu 896) [tos 0xc0]
172.16.3.2 is the interface that wireless connections would be MASQ'ing
through. It really looks like this:
[wireless hosts 172.16.2.10-20] -> [FIRST NAT 172.16.3.2] -> [ SECOND NAT
66.234.19.133] -> INTERNET
I've been beating my head against this too long, and am a bit muddled.
Anyone care to speculate what might be happening?
Thanks,
John
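
Added example (not part of John's post): a Python sketch that reads the capture above and compares each DF-flagged data segment with the MTU reported in the ICMP "need to frag" messages. It assumes 40 bytes of IPv4 + TCP headers with no options; analyse() and the regex names are hypothetical, and the sample lines are taken from the capture with the e-mail line wraps rejoined.

```python
import re

# Lines taken from the capture in the post, with the e-mail line wraps rejoined.
CAPTURE = """\
03:22:43.002294 172.16.3.2.2174 > slashdot.org.http: S 838336042:838336042(0) win 16384 <mss 860,nop,nop,sackOK> (DF)
03:22:48.622356 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:48.622786 172.16.3.2 > slashdot.org: icmp: 172.16.3.2 unreachable - need to frag (mtu 896) [tos 0xc0]
03:22:51.617229 slashdot.org.http > 172.16.3.2.2174: . 1:861(860) ack 481 win 6432 (DF) [tos 0x20]
03:22:52.497982 slashdot.org.http > 172.16.3.2.2143: . 1:861(860) ack 1 win 6432 (DF) [tos 0x20]
"""

HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

FRAG = re.compile(r"icmp: \S+ unreachable - need to frag \(mtu (\d+)\)")
MSS = re.compile(r"^\S+ (\S+) > \S+: S .*<mss (\d+)")
SEG = re.compile(r"^\S+ (\S+) > (\S+): \S+ (\d+):(\d+)\((\d+)\).*\(DF\)")

def analyse(text):
    lines = text.splitlines()
    # Pass 1: smallest MTU any hop reported via ICMP "need to frag".
    mtus = [int(m.group(1)) for l in lines if (m := FRAG.search(l))]
    path_mtu = min(mtus) if mtus else None
    mss, seen, oversized, retransmits = {}, set(), 0, 0
    # Pass 2: advertised MSS values and DF-flagged data segments.
    for l in lines:
        if m := MSS.match(l):
            mss[m.group(1)] = int(m.group(2))  # MSS the SYN sender advertised
        elif m := SEG.match(l):
            src, dst, start, end, length = m.groups()
            if int(length) == 0:
                continue  # bare ACK/FIN, no payload
            if path_mtu is not None and int(length) + HEADERS > path_mtu:
                oversized += 1  # packet cannot cross the hop without fragmenting
            if (src, dst, start, end) in seen:
                retransmits += 1  # same sequence range sent again
            seen.add((src, dst, start, end))
    return {
        "path_mtu": path_mtu,
        "max_payload": path_mtu - HEADERS if path_mtu is not None else None,
        "advertised_mss": mss,
        "oversized": oversized,
        "retransmits": retransmits,
    }

if __name__ == "__main__":
    print(analyse(CAPTURE))
```
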