Problem with intermittent connectivity issues to multi WAN CARP
-
First some quick background. I have two pfSense 2.0 RELEASE boxes, each with 5 Intel Gigabit NICs. CARP uses up 1 interface on each machine, with a direct Ethernet cable between the two boxes. There are two different ISPs, one PPPoE, the other static. For the PPPoE I have set up both boxes to the same WAN IP, but only the master is dialled in. The other machine will be a hot standby. Traffic through this interface works perfectly. The ISP with the static IPs is configured like this:
IP1 to WAN2 on master
IP2 to WAN2 on slave
IP3 as VIP on the CARP cluster on WAN2
I have a gateway for WAN and another gateway for WAN2.
LAN side is also CARP. I have:
IPa to LAN on master
IPb to LAN on slave
IPc to VIP on CARP cluster on LAN
This allows me redundancy from the LAN side as well.
Outbound NAT is manual. Lots of WAN entries in there, but the relevant WAN2 entry is:
WAN2 10.300.0.0/16 * * * IP3 * NO
with IP3 the WAN2 VIP IP.
I have this NAT rule:
WAN2 TCP * * IP3 443 (HTTPS) PDC 443 (HTTPS)
which automatically created this WAN2 firewall rule:
TCP * * PDC 443 (HTTPS) * none
Port 443 is Outlook Web Access on an Exchange server (PDC). The problem is I get random connection reset errors when trying to connect to https://IP3/owa. Using Microsoft's ActiveSync checker, it randomly fails checking the certificate, saying that the connection was unexpectedly reset. But sometimes I can get in and use OWA for a while without issues.
What would cause these issues? Do I need to specify a different gateway? WAN's gateway is the default, not WAN2 which I have this NAT entry on. Is that the issue? How do I correct it?
Update:
From outside the network, I tried to telnet to port 443:
xxx:~$ telnet IP3 443
Trying IP3...
Connected to IP3.
Escape character is '^]'.
Connection closed by foreign host.
It opens the port and immediately closes it.
If I change the NAT rule to:
WAN2 TCP * * IP1 443 (HTTPS) PDC 443 (HTTPS)
Then:
xxx:~$ telnet IP1 443
Trying IP1...
Connected to IP1.
Escape character is '^]'.
It works fine. Hitting HTTPS with a web browser works sometimes, if I refresh like 10 times. But it always behaves erratically, like the return packets being routed through the wrong gateway or something.
-
Here is a packet trace of several failed telnet attempts to the VIP on port 443, but one (the last) connection attempt worked and I typed in "123456". IP 96.55.212.111 is me (remote).
15:05:54.207394 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 15962, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.40914 > IP3.443: Flags [S], cksum 0xabd1 (correct), seq 2148077301, win 14600, options [mss 1460,sackOK,TS val 475082927 ecr 0,nop,wscale 7], length 0
15:05:54.207750 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25827, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.40914: Flags [S.], cksum 0x3415 (correct), seq 2115860450, ack 2148077302, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67671722 ecr 475082927], length 0
15:05:54.338070 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 15963, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.40914 > IP3.443: Flags [.], cksum 0x824e (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475082960 ecr 67671722], length 0
15:05:54.711666 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 25828, offset 0, flags [DF], proto TCP (6), length 40) IP3.443 > 96.55.212.111.19713: Flags [R.], cksum 0xd344 (correct), seq 1909980108, ack 3948433208, win 0, length 0
15:05:55.002668 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 25501, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.54434 > IP3.443: Flags [S], cksum 0x7ced (correct), seq 895505131, win 14600, options [mss 1460,sackOK,TS val 475083126 ecr 0,nop,wscale 7], length 0
15:05:55.002991 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25829, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.54434: Flags [S.], cksum 0xf68e (correct), seq 3570478977, ack 895505132, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67671801 ecr 475083126], length 0
15:05:55.007543 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 25501, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.54434 > IP3.443: Flags [S], cksum 0x7ced (correct), seq 895505131, win 14600, options [mss 1460,sackOK,TS val 475083126 ecr 0,nop,wscale 7], length 0
15:05:55.051898 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 25502, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.54434 > IP3.443: Flags [.], cksum 0x44dd (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083138 ecr 67671801], length 0
15:05:55.652288 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 30670, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.9891 > IP3.443: Flags [S], cksum 0xb538 (correct), seq 3079095768, win 14600, options [mss 1460,sackOK,TS val 475083286 ecr 0,nop,wscale 7], length 0
15:05:55.652613 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25830, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.9891: Flags [S.], cksum 0xf0c8 (correct), seq 1123811111, ack 3079095769, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67671866 ecr 475083286], length 0
15:05:55.656900 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 30670, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.9891 > IP3.443: Flags [S], cksum 0xb538 (correct), seq 3079095768, win 14600, options [mss 1460,sackOK,TS val 475083286 ecr 0,nop,wscale 7], length 0
15:05:55.698376 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 30671, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.9891 > IP3.443: Flags [.], cksum 0x3f15 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083300 ecr 67671866], length 0
15:05:56.307641 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 31546, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.57895 > IP3.443: Flags [S], cksum 0xd9c4 (correct), seq 3542239622, win 14600, options [mss 1460,sackOK,TS val 475083452 ecr 0,nop,wscale 7], length 0
15:05:56.307952 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25836, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.57895: Flags [S.], cksum 0x0b3b (correct), seq 319043831, ack 3542239623, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67671932 ecr 475083452], length 0
15:05:56.313762 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 31546, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.57895 > IP3.443: Flags [S], cksum 0xd9c4 (correct), seq 3542239622, win 14600, options [mss 1460,sackOK,TS val 475083452 ecr 0,nop,wscale 7], length 0
15:05:56.389837 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 31547, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.57895 > IP3.443: Flags [.], cksum 0x5981 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083472 ecr 67671932], length 0
15:05:57.002595 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 63156, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.12153 > IP3.443: Flags [S], cksum 0x7b3d (correct), seq 1733477854, win 14600, options [mss 1460,sackOK,TS val 475083626 ecr 0,nop,wscale 7], length 0
15:05:57.002954 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25838, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.12153: Flags [S.], cksum 0x7a80 (correct), seq 2535122638, ack 1733477855, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672001 ecr 475083626], length 0
15:05:57.024584 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 63156, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.12153 > IP3.443: Flags [S], cksum 0x7b3d (correct), seq 1733477854, win 14600, options [mss 1460,sackOK,TS val 475083626 ecr 0,nop,wscale 7], length 0
15:05:57.046573 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 63157, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.12153 > IP3.443: Flags [.], cksum 0xc8cf (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083637 ecr 67672001], length 0
15:05:57.659952 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 23894, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.17736 > IP3.443: Flags [S], cksum 0xb930 (correct), seq 1869769048, win 14600, options [mss 1460,sackOK,TS val 475083790 ecr 0,nop,wscale 7], length 0
15:05:57.660246 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25839, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.17736: Flags [S.], cksum 0xca0f (correct), seq 716718419, ack 1869769049, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672067 ecr 475083790], length 0
15:05:57.672578 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 23894, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.17736 > IP3.443: Flags [S], cksum 0xb930 (correct), seq 1869769048, win 14600, options [mss 1460,sackOK,TS val 475083790 ecr 0,nop,wscale 7], length 0
15:05:57.709558 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 23895, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.17736 > IP3.443: Flags [.], cksum 0x185e (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083802 ecr 67672067], length 0
15:05:58.339420 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 52906, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.51979 > IP3.443: Flags [S], cksum 0x9fb7 (correct), seq 1908668946, win 14600, options [mss 1460,sackOK,TS val 475083960 ecr 0,nop,wscale 7], length 0
15:05:58.339729 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25840, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.51979: Flags [S.], cksum 0x704b (correct), seq 2627866480, ack 1908668947, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672135 ecr 475083960], length 0
15:05:58.360415 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 52906, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.51979 > IP3.443: Flags [S], cksum 0x9fb7 (correct), seq 1908668946, win 14600, options [mss 1460,sackOK,TS val 475083960 ecr 0,nop,wscale 7], length 0
15:05:58.425874 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 52907, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.51979 > IP3.443: Flags [.], cksum 0xbe90 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475083981 ecr 67672135], length 0
15:05:59.035383 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 14178, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.25261 > IP3.443: Flags [S], cksum 0x4642 (correct), seq 720896516, win 14600, options [mss 1460,sackOK,TS val 475084134 ecr 0,nop,wscale 7], length 0
15:05:59.035693 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25842, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.25261: Flags [S.], cksum 0x5fda (correct), seq 1831269794, ack 720896517, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672204 ecr 475084134], length 0
15:05:59.041748 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 14178, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.25261 > IP3.443: Flags [S], cksum 0x4642 (correct), seq 720896516, win 14600, options [mss 1460,sackOK,TS val 475084134 ecr 0,nop,wscale 7], length 0
15:05:59.083602 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 14179, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.25261 > IP3.443: Flags [.], cksum 0xae29 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475084145 ecr 67672204], length 0
15:05:59.628652 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 22111, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.56197 > IP3.443: Flags [S], cksum 0x1eef (correct), seq 2000511909, win 14600, options [mss 1460,sackOK,TS val 475084282 ecr 0,nop,wscale 7], length 0
15:05:59.628940 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25843, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.56197: Flags [S.], cksum 0xe564 (correct), seq 3049586666, ack 2000511910, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672264 ecr 475084282], length 0
15:05:59.652133 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 22111, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.56197 > IP3.443: Flags [S], cksum 0x1eef (correct), seq 2000511909, win 14600, options [mss 1460,sackOK,TS val 475084282 ecr 0,nop,wscale 7], length 0
15:05:59.700353 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 22112, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.56197 > IP3.443: Flags [.], cksum 0x33ad (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475084300 ecr 67672264], length 0
15:06:00.220170 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 49040, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.28357 > IP3.443: Flags [S], cksum 0x2cb0 (correct), seq 2955905310, win 14600, options [mss 1460,sackOK,TS val 475084430 ecr 0,nop,wscale 7], length 0
15:06:00.220464 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25844, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.28357: Flags [S.], cksum 0x7774 (correct), seq 562368417, ack 2955905311, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672323 ecr 475084430], length 0
15:06:00.224416 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 49040, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.28357 > IP3.443: Flags [S], cksum 0x2cb0 (correct), seq 2955905310, win 14600, options [mss 1460,sackOK,TS val 475084430 ecr 0,nop,wscale 7], length 0
15:06:00.268768 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 49041, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.28357 > IP3.443: Flags [.], cksum 0xc5c2 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475084442 ecr 67672323], length 0
15:06:01.016693 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 19553, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.54434 > IP3.443: Flags [R], cksum 0xf3e8 (correct), seq 0, win 0, length 0
15:06:01.017818 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 30924, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.9891 > IP3.443: Flags [R], cksum 0xa1e8 (correct), seq 0, win 0, length 0
15:06:01.019569 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 28838, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.57895 > IP3.443: Flags [R], cksum 0xe663 (correct), seq 0, win 0, length 0
15:06:01.020316 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 920, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.25261 > IP3.443: Flags [R], cksum 0x65de (correct), seq 0, win 0, length 0
15:06:01.021564 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 27937, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.12153 > IP3.443: Flags [R], cksum 0x9912 (correct), seq 0, win 0, length 0
15:06:01.022690 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 13464, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.28357 > IP3.443: Flags [R], cksum 0x59c6 (correct), seq 0, win 0, length 0
15:06:01.024442 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 2853, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.56197 > IP3.443: Flags [R], cksum 0xed05 (correct), seq 0, win 0, length 0
15:06:01.025316 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 5819, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.17736 > IP3.443: Flags [R], cksum 0x8343 (correct), seq 0, win 0, length 0
15:06:01.026811 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 10993, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.51979 > IP3.443: Flags [R], cksum 0xfd7f (correct), seq 0, win 0, length 0
15:06:01.027688 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 14420, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.40914 > IP3.443: Flags [R], cksum 0x28b9 (correct), seq 0, win 0, length 0
15:06:01.117011 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 36418, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.3920 > IP3.443: Flags [S], cksum 0xac4c (correct), seq 1595586860, win 14600, options [mss 1460,sackOK,TS val 475084654 ecr 0,nop,wscale 7], length 0
15:06:01.117358 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25845, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.3920: Flags [S.], cksum 0x320b (correct), seq 26997814, ack 1595586861, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 67672413 ecr 475084654], length 0
15:06:01.179221 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 36419, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.3920 > IP3.443: Flags [.], cksum 0x8055 (correct), seq 1, ack 1, win 115, options [nop,nop,TS val 475084670 ecr 67672413], length 0
15:06:04.040512 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 36420, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.3920 > IP3.443: Flags [P.], cksum 0xd6d3 (correct), seq 1:9, ack 1, win 115, options [nop,nop,TS val 475085385 ecr 67672413], length 8
15:06:04.258634 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 25849, offset 0, flags [DF], proto TCP (6), length 52) IP3.443 > 96.55.212.111.3920: Flags [.], cksum 0x7bb7 (correct), seq 1, ack 9, win 260, options [nop,nop,TS val 67672727 ecr 475085385], length 0
15:06:04.301480 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 36421, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.3920 > IP3.443: Flags [P.], cksum 0xd691 (correct), seq 1:9, ack 1, win 115, options [nop,nop,TS val 475085451 ecr 67672413], length 8
15:06:04.301725 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 127, id 25850, offset 0, flags [DF], proto TCP (6), length 64) IP3.443 > 96.55.212.111.3920: Flags [.], cksum 0x1504 (correct), seq 1, ack 9, win 260, options [nop,nop,TS val 67672731 ecr 475085385,nop,nop,sack 1 {1:9}], length 0
15:06:05.921517 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 36422, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.3920 > IP3.443: Flags [F.], cksum 0x7a6d (correct), seq 9, ack 1, win 115, options [nop,nop,TS val 475085855 ecr 67672731], length 0
15:06:05.922044 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 25854, offset 0, flags [DF], proto TCP (6), length 40) IP3.443 > 96.55.212.111.3920: Flags [R.], cksum 0xab07 (correct), seq 1, ack 10, win 0, length 0
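One way to summarise a trace like the one in the post above, as an added example that is not part of the original thread: it parses tcpdump-style output with link-layer headers (also when the frames are run together), reports datagrams that arrived from more than one source MAC, and counts bare RSTs per sending MAC and TTL. The sample frames are copied from the trace above with the TCP options trimmed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Frames copied from the trace in the post above, TCP options trimmed.
SAMPLE = """
15:05:55.002668 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 25501, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.54434 > IP3.443: Flags [S], cksum 0x7ced (correct), seq 895505131, win 14600, length 0
15:05:55.002991 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25829, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.54434: Flags [S.], cksum 0xf68e (correct), seq 3570478977, ack 895505132, win 8192, length 0
15:05:55.007543 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 53, id 25501, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.54434 > IP3.443: Flags [S], cksum 0x7ced (correct), seq 895505131, win 14600, length 0
15:05:55.051898 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 25502, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.54434 > IP3.443: Flags [.], cksum 0x44dd (correct), seq 1, ack 1, win 115, length 0
15:06:01.016693 00:1b:2f:07:45:55 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 255, id 19553, offset 0, flags [none], proto TCP (6), length 40) 96.55.212.111.54434 > IP3.443: Flags [R], cksum 0xf3e8 (correct), seq 0, win 0, length 0
15:06:01.117011 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 54, id 36418, offset 0, flags [DF], proto TCP (6), length 60) 96.55.212.111.3920 > IP3.443: Flags [S], cksum 0xac4c (correct), seq 1595586860, win 14600, length 0
15:06:01.117358 00:1b:21:bd:6a:43 > 00:0f:25:8f:e0:80, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 25845, offset 0, flags [DF], proto TCP (6), length 60) IP3.443 > 96.55.212.111.3920: Flags [S.], cksum 0x320b (correct), seq 26997814, ack 1595586861, win 8192, length 0
15:06:01.179221 00:0f:25:8f:e0:80 > 00:00:5f:00:01:01, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 54, id 36419, offset 0, flags [DF], proto TCP (6), length 52) 96.55.212.111.3920 > IP3.443: Flags [.], cksum 0x8055 (correct), seq 1, ack 1, win 115, length 0
"""

# One frame: timestamp, source/destination MAC, IP TTL and id, endpoints, TCP flags.
FRAME = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r".*?ttl (?P<ttl>\d+), id (?P<ipid>\d+), .*?\) "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse(text):
    """Parse frames from tcpdump text, whether one per line or run together."""
    flat = " ".join(text.split())  # undo arbitrary line wrapping
    return [
        # upper() also repairs "[s]" where a forum mangled the SYN flag
        dict(m.groupdict(), ttl=int(m["ttl"]), ipid=int(m["ipid"]),
             flags=m["flags"].upper())
        for m in FRAME.finditer(flat)
    ]

def duplicated_datagrams(frames):
    """Datagrams (same src, dst, IP id) seen from more than one source MAC."""
    seen = defaultdict(dict)
    for f in frames:
        seen[(f["src"], f["dst"], f["ipid"])][f["smac"]] = f["ttl"]
    return {key: macs for key, macs in seen.items() if len(macs) > 1}

def bare_resets(frames):
    """Count RST segments without ACK, keyed by (source MAC, TTL)."""
    counts = defaultdict(int)
    for f in frames:
        if f["flags"] == "R":
            counts[(f["smac"], f["ttl"])] += 1
    return dict(counts)

if __name__ == "__main__":
    frames = parse(SAMPLE)
    for (src, dst, ipid), macs in duplicated_datagrams(frames).items():
        print(f"{src} > {dst} id {ipid} arrived via {macs}")
    for (mac, ttl), n in bare_resets(frames).items():
        print(f"{n} bare RST(s) from {mac} with ttl {ttl}")
```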
-
More info.
I have another NAT mapping, identical to the 443, but this is for port 25. It works perfectly.
So I tried to change the NAT like so:
WAN2 TCP * * IP3 444 (HTTPS) PDC 443 (HTTPS)
And that works perfectly. Accessing it on http://IP3:444/ works always.
Changing it to:
WAN2 TCP * * IP3 443 (HTTPS) OTHER_SERVER 443 (HTTPS)
Causes the same issues - hence it is not the destination server at fault.
The other mapping I have is also identical to the 443, but for port 80. This one works too.
As I said, loading the NAT on IP1 (the WAN2 real IP) works to 443.
State table entry after a telnet that connected/disconnected looks like this:
tcp PDC:443 <- IP3:443 <- 96.55.212.111:64668 ESTABLISHED:ESTABLISHED
tcp 96.55.212.111:64668 -> PDC:443 ESTABLISHED:ESTABLISHED
Any help would be appreciated.