OpenBSD General: Other questions regarding OpenBSD which do not fit in any of the categories below.
TCP DNS problem
Hello,
Could anyone help me debug the problem? I have a problem with outbound HTTP connections from my OpenBSD box to the external network. I use it as firewall/NAT. The NAT for PCs behind it works ok. To reproduce the problem I use
Code:
ftp http://example.com/index.html
Trying 93.184.216.34...
Requesting http://example.com/index.html
^C
If I use http://93.184.216.34/index.html the download succeeds. I thought this was related to my pf.conf, but I don't see any packet in pflog0 directed to 93.184.216.34. My external interface is em1, which is used to establish the pppoe session with my IP provider. I captured traffic on pppoe0 and em1 when using the DNS name or the IP address. I think when using the IP address the connection ends ok: 93.184.216.34 (example.com) sends FIN, there is ACK and FIN from OpenBSD. When the ftp http://example.com/index.html command is used the TCP stream is ended only from the example.com side. I have changed my IP in the tcpdump output to 8.8.8.8. Also ssh from the OpenBSD box to an outside machine works well. I would like to fix it because it blocks syspatch from working, and I ran out of ideas why the connection is closed only from one side when the DNS address is used.
Code:
ftp http://example.com/index.html
tcpdump -s 1500 -Xnnvvvettt -i pppoe0 'host 93.184.216.34'
tcpdump: listening on pppoe0, link-type PPP_ETHER
Jan 15 06:33:56.585752 PPPoE code Session, version 1, type 1, id 0x3679, length 66 IP 8.8.8.8.12281 > 93.184.216.34.80: S [tcp sum ok] 2996088536:2996088536(0) win 16384 <mss 1452,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 2780311879 0> (DF) (ttl 64, id 6227, len 64)
0000: 1100 3679 0042 0021 4500 0040 1853 4000 ..6y.B.!E..@.S@.
0010: 4006 db3a 0808 0808 5db8 d822 2ff9 0050 @..:..W.].."/..P
0020: b294 aed8 0000 0000 b002 4000 4622 0000 ..........@.F"..
0030: 0204 05ac 0101 0402 0103 0306 0101 080a ................
0040: a5b8 3147 0000 0000 ..1G....
Jan 15 06:33:56.709524 PPPoE code Session, version 1, type 1, id 0x3679, length 62 IP 93.184.216.34.80 > 8.8.8.8.12281: S [tcp sum ok] 2428984108:2428984108(0) ack 2996088537 win 65535 <mss 1460,sackOK,timestamp 390670526 2780311879,nop,wscale 9> (ttl 53, id 655, len 60)
0000: 1100 3679 003e 0021 4500 003c 028f 0000 ..6y.>.!E..<....
0010: 3506 3c03 5db8 d822 0808 0808 0050 2ff9 5.<.].."..W..P/.
0020: 90c7 5b2c b294 aed9 a012 ffff 6c11 0000 ..[,........l...
0030: 0204 05b4 0402 080a 1749 28be a5b8 3147 .........I(...1G
0040: 0103 0309 ....
Jan 15 06:33:56.709599 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 8.8.8.8.12281 > 93.184.216.34.80: . [tcp sum ok] 1:1(0) ack 1 win 256 <nop,nop,timestamp 2780311879 390670526> (DF) (ttl 64, id 1689, len 52)
0000: 1100 3679 0036 0021 4500 0034 0699 4000 ..6y.6.!E..4..@.
0010: 4006 ed00 0808 0808 5db8 d822 2ff9 0050 @.....W.].."/..P
0020: b294 aed9 90c7 5b2d 8010 0100 99df 0000 ......[-........
0030: 0101 080a a5b8 3147 1749 28be ......1G.I(.
Jan 15 06:33:56.710079 PPPoE code Session, version 1, type 1, id 0x3679, length 126 IP 8.8.8.8.12281 > 93.184.216.34.80: P [tcp sum ok] 1:73(72) ack 1 win 256 <nop,nop,timestamp 2780311879 390670526> (DF) (ttl 64, id 38766, len 124)
0000: 1100 3679 007e 0021 4500 007c 976e 4000 ..6y.~.!E..|.n@.
0010: 4006 5be3 0808 0808 5db8 d822 2ff9 0050 @.[...W.].."/..P
0020: b294 aed9 90c7 5b2d 8018 0100 75be 0000 ......[-....u...
0030: 0101 080a a5b8 3147 1749 28be 4745 5420 ......1G.I(.GET
0040: 2f69 6e64 6578 2e68 746d 6c20 4854 5450 /index.html HTTP
0050: 2f31 2e30 0d0a 486f 7374 3a20 6578 616d /1.0..Host: exam
0060: 706c 652e 636f 6d0d 0a55 7365 722d 4167 ple.com..User-Ag
0070: 656e 743a 204f 7065 6e42 5344 2066 7470 ent: OpenBSD ftp
0080: 0d0a 0d0a ....
Jan 15 06:33:56.833794 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.12281: . [tcp sum ok] 1:1(0) ack 73 win 283 <nop,nop,timestamp 390670651 2780311879> (ttl 53, id 678, len 52)
0000: 1100 3679 0036 0021 4500 0034 02a6 0000 ..6y.6.!E..4....
0010: 3506 3bf4 5db8 d822 0808 0808 0050 2ff9 5.;.].."..W..P/.
0020: 90c7 5b2d b294 af21 8010 011b 98ff 0000 ..[-...!........
0030: 0101 080a 1749 293b a5b8 3147 .....I);..1G
Jan 15 06:33:56.834198 PPPoE code Session, version 1, type 1, id 0x3679, length 233 IP 93.184.216.34.80 > 8.8.8.8.12281: P [tcp sum ok] 1441:1620(179) ack 73 win 283 <nop,nop,timestamp 390670651 2780311879> (ttl 53, id 680, len 231)
0000: 1100 3679 00e9 0021 4500 00e7 02a8 0000 ..6y...!E.......
0010: 3506 3b3f 5db8 d822 0808 0808 0050 2ff9 5.;?].."..W..P/.
0020: 90c7 60cd b294 af21 8018 011b 1650 0000 ..`....!.....P..
0030: 0101 080a 1749 293b a5b8 3147 696e 2069 .....I);..1Gin i
0040: 6e20 6c69 7465 7261 7475 7265 2077 6974 n literature wit
0050: 686f 7574 2070 7269 6f72 2063 6f6f 7264 hout prior coord
0060: 696e 6174 696f 6e20 6f72 2061 736b 696e ination or askin
0070: 6720 666f 7220 7065 726d 6973 7369 6f6e g for permission
0080: 2e3c 2f70 3e0a 2020 2020 3c70 3e3c 6120 .</p>. <p><a
0090: 6872 6566 3d22 6874 7470 733a 2f2f 7777 href="https://ww
00a0: 772e 6961 6e61 2e6f 7267 2f64 6f6d 6169 w.iana.org/domai
00b0: 6e73 2f65 7861 6d70 6c65 223e 4d6f 7265 ns/example">More
00c0: 2069 6e66 6f72 6d61 7469 6f6e 2e2e 2e3c information...<
00d0: 2f61 3e3c 2f70 3e0a 3c2f 6469 763e 0a3c /a></p>.</div>.<
00e0: 2f62 6f64 793e 0a3c 2f68 746d 6c3e 0a /body>.</html>.
Jan 15 06:33:56.834207 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.12281: F [tcp sum ok] 1620:1620(0) ack 73 win 283 <nop,nop,timestamp 390670651 2780311879> (ttl 53, id 681, len 52)
0000: 1100 3679 0036 0021 4500 0034 02a9 0000 ..6y.6.!E..4....
0010: 3506 3bf1 5db8 d822 0808 0808 0050 2ff9 5.;.].."..W..P/.
0020: 90c7 6180 b294 af21 8011 011b 92ab 0000 ..a....!........
0030: 0101 080a 1749 293b a5b8 3147 .....I);..1G
Jan 15 06:33:56.834283 PPPoE code Session, version 1, type 1, id 0x3679, length 66 IP 8.8.8.8.12281 > 93.184.216.34.80: . [tcp sum ok] 73:73(0) ack 1 win 256 <nop,nop,timestamp 2780311880 390670651,nop,nop,sack 1 {1441:1620} > (DF) (ttl 64, id 42781, len 64)
0000: 1100 3679 0042 0021 4500 0040 a71d 4000 ..6y.B.!E..@..@.
0010: 4006 4c70 0808 0808 5db8 d822 2ff9 0050 @.Lp..W.].."/..P
0020: b294 af21 90c7 5b2d b010 0100 7f25 0000 ...!..[-.....%..
0030: 0101 080a a5b8 3148 1749 293b 0101 050a ......1H.I);....
0040: 90c7 60cd 90c7 6180 ..`...a.
Jan 15 06:33:56.834341 PPPoE code Session, version 1, type 1, id 0x3679, length 66 IP 8.8.8.8.12281 > 93.184.216.34.80: . [tcp sum ok] 73:73(0) ack 1 win 256 <nop,nop,timestamp 2780311880 390670651,nop,nop,sack 1 {1441:1620} > (DF) (ttl 64, id 20407, len 64)
0000: 1100 3679 0042 0021 4500 0040 4fb7 4000 ..6y.B.!E..@O.@.
0010: 4006 a3d6 0808 0808 5db8 d822 2ff9 0050 @.....W.].."/..P
0020: b294 af21 90c7 5b2d b010 0100 7f25 0000 ...!..[-.....%..
0030: 0101 080a a5b8 3148 1749 293b 0101 050a ......1H.I);....
0040: 90c7 60cd 90c7 6180 ..`...a.
Here the transfer stops. After ctrl-c it resumes:
Jan 15 06:34:27.975616 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 8.8.8.8.12281 > 93.184.216.34.80: F [tcp sum ok] 73:73(0) ack 1 win 256 <nop,nop,timestamp 2780311942 390670651> (DF) (ttl 64, id 16765, len 52)
0000: 1100 3679 0036 0021 4500 0034 417d 4000 ..6y.6.!E..4A}@.
0010: 4006 b21c 0808 0808 5db8 d822 2ff9 0050 @.....W.].."/..P
0020: b294 af21 90c7 5b2d 8011 0100 98da 0000 ...!..[-........
0030: 0101 080a a5b8 3186 1749 293b ......1..I);
Jan 15 06:34:28.099454 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.12281: . [tcp sum ok] 1621:1621(0) ack 74 win 283 <nop,nop,timestamp 390701916 2780311942> (ttl 53, id 5081, len 52)
0000: 1100 3679 0036 0021 4500 0034 13d9 0000 ..6y.6.!E..4....
0010: 3506 2ac1 5db8 d822 0808 0808 0050 2ff9 5.*.].."..W..P/.
0020: 90c7 6181 b294 af22 8010 011b 184a 0000 ..a....".....J..
0030: 0101 080a 1749 a35c a5b8 3186 .....I.\..1.
Code:
ftp http://93.184.216.34/index.html
tcpdump -s 1500 -Xnnvvvettt -i pppoe0 'host 93.184.216.34'
tcpdump: listening on pppoe0, link-type PPP_ETHER
Jan 15 06:37:09.815142 PPPoE code Session, version 1, type 1, id 0x3679, length 66 IP 8.8.8.8.20858 > 93.184.216.34.80: S [tcp sum ok] 2319111801:2319111801(0) win 16384 <mss 1452,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 3833200425 0> (DF) (ttl 64, id 3322, len 64)
0000: 1100 3679 0042 0021 4500 0040 0cfa 4000 ..6y.B.!E..@..@.
0010: 4006 e693 0808 0808 5db8 d822 517a 0050 @.....W.].."Qz.P
0020: 8a3a d679 0000 0000 b002 4000 18b6 0000 .:.y......@.....
0030: 0204 05ac 0101 0402 0103 0306 0101 080a ................
0040: e479 ff29 0000 0000 .y.)....
Jan 15 06:37:09.936341 PPPoE code Session, version 1, type 1, id 0x3679, length 62 IP 93.184.216.34.80 > 8.8.8.8.20858: S [tcp sum ok] 3116914872:3116914872(0) ack 2319111802 win 65535 <mss 1460,sackOK,timestamp 1620630145 3833200425,nop,wscale 9> (ttl 53, id 37894, len 60)
0000: 1100 3679 003e 0021 4500 003c 9406 0000 ..6y.>.!E..<....
0010: 3506 aa8b 5db8 d822 0808 0808 0050 517a 5...].."..W..PQz
0020: b9c8 58b8 8a3a d67a a012 ffff 1d05 0000 ..X..:.z........
0030: 0204 05b4 0402 080a 6098 da81 e479 ff29 ........`....y.)
0040: 0103 0309 ....
Jan 15 06:37:09.936420 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 8.8.8.8.20858 > 93.184.216.34.80: . [tcp sum ok] 1:1(0) ack 1 win 256 <nop,nop,timestamp 3833200426 1620630145> (DF) (ttl 64, id 14430, len 52)
0000: 1100 3679 0036 0021 4500 0034 385e 4000 ..6y.6.!E..48^@.
0010: 4006 bb3b 0808 0808 5db8 d822 517a 0050 @..;..W.].."Qz.P
0020: 8a3a d67a b9c8 58b9 8010 0100 4ad2 0000 .:.z..X.....J...
0030: 0101 080a e479 ff2a 6098 da81 .....y.*`...
Jan 15 06:37:09.936946 PPPoE code Session, version 1, type 1, id 0x3679, length 128 IP 8.8.8.8.20858 > 93.184.216.34.80: P [tcp sum ok] 1:75(74) ack 1 win 256 <nop,nop,timestamp 3833200426 1620630145> (DF) (ttl 64, id 7070, len 126)
0000: 1100 3679 0080 0021 4500 007e 1b9e 4000 ..6y...!E..~..@.
0010: 4006 d7b1 0808 0808 5db8 d822 517a 0050 @.....W.].."Qz.P
0020: 8a3a d67a b9c8 58b9 8018 0100 326b 0000 .:.z..X.....2k..
0030: 0101 080a e479 ff2a 6098 da81 4745 5420 .....y.*`...GET
0040: 2f69 6e64 6578 2e68 746d 6c20 4854 5450 /index.html HTTP
0050: 2f31 2e30 0d0a 486f 7374 3a20 3933 2e31 /1.0..Host: 93.1
0060: 3834 2e32 3136 2e33 340d 0a55 7365 722d 84.216.34..User-
0070: 4167 656e 743a 204f 7065 6e42 5344 2066 Agent: OpenBSD f
0080: 7470 0d0a 0d0a tp....
Jan 15 06:37:10.057959 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.20858: . [tcp sum ok] 1:1(0) ack 75 win 283 <nop,nop,timestamp 1620630266 3833200426> (ttl 53, id 37922, len 52)
0000: 1100 3679 0036 0021 4500 0034 9422 0000 ..6y.6.!E..4."..
0010: 3506 aa77 5db8 d822 0808 0808 0050 517a 5..w].."..W..PQz
0020: b9c8 58b9 8a3a d6c4 8010 011b 49f4 0000 ..X..:......I...
0030: 0101 080a 6098 dafa e479 ff2a ....`....y.*
Jan 15 06:37:10.058393 PPPoE code Session, version 1, type 1, id 0x3679, length 360 IP 93.184.216.34.80 > 8.8.8.8.20858: P [tcp sum ok] 1:307(306) ack 75 win 283 <nop,nop,timestamp 1620630267 3833200426> (ttl 53, id 37923, len 358)
0000: 1100 3679 0168 0021 4500 0166 9423 0000 ..6y.h.!E..f.#..
0010: 3506 a944 5db8 d822 0808 0808 0050 517a 5..D].."..W..PQz
0020: b9c8 58b9 8a3a d6c4 8018 011b 5a79 0000 ..X..:......Zy..
0030: 0101 080a 6098 dafb e479 ff2a 4854 5450 ....`....y.*HTTP
0040: 2f31 2e30 2032 3030 204f 4b0d 0a41 6363 /1.0 200 OK..Acc
0050: 6570 742d 5261 6e67 6573 3a20 6279 7465 ept-Ranges: byte
0060: 730d 0a43 6f6e 7465 6e74 2d54 7970 653a s..Content-Type:
0070: 2074 6578 742f 6874 6d6c 0d0a 4461 7465 text/html..Date
0080: 3a20 5765 642c 2031 3520 4a61 6e20 3230 : Wed, 15 Jan 20
0090: 3230 2030 353a 3337 3a30 3920 474d 540d 20 05:37:09 GMT.
00a0: 0a4c 6173 742d 4d6f 6469 6669 6564 3a20 .Last-Modified:
00b0: 5765 642c 2031 3520 4a61 6e20 3230 3230 Wed, 15 Jan 2020
00c0: 2030 353a 3337 3a30 3120 474d 540d 0a53 05:37:01 GMT..S
00d0: 6572 7665 723a 2045 4353 2028 6463 622f erver: ECS (dcb/
00e0: 3746 3833 290d 0a43 6f6e 7465 6e74 2d4c 7F83)..Content-L
00f0: 656e 6774 683a 2039 340d 0a43 6f6e 6e65 ength: 94..Conne
0100: 6374 696f 6e3a 2063 6c6f 7365 0d0a 0d0a ction: close....
0110: 3c68 746d 6c3e 3c68 6561 643e 3c74 6974 <html><head><tit
0120: 6c65 3e65 6467 6563 6173 7463 646e 2e6e le>edgecastcdn.n
0130: 6574 3c2f 7469 746c 653e 3c2f 6865 6164 et</title></head
0140: 3e3c 626f 6479 3e3c 6831 3e65 6467 6563 ><body><h1>edgec
0150: 6173 7463 646e 2e6e 6574 3c2f 6831 3e3c astcdn.net</h1><
0160: 2f62 6f64 793e 3c2f 6874 6d6c 3e0a /body></html>.
Jan 15 06:37:10.058403 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.20858: F [tcp sum ok] 307:307(0) ack 75 win 283 <nop,nop,timestamp 1620630267 3833200426> (ttl 53, id 37924, len 52)
0000: 1100 3679 0036 0021 4500 0034 9424 0000 ..6y.6.!E..4.$..
0010: 3506 aa75 5db8 d822 0808 0808 0050 517a 5..u].."..W..PQz
0020: b9c8 59eb 8a3a d6c4 8011 011b 48c0 0000 ..Y..:......H...
0030: 0101 080a 6098 dafb e479 ff2a ....`....y.*
Jan 15 06:37:10.058448 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 8.8.8.8.20858 > 93.184.216.34.80: . [tcp sum ok] 75:75(0) ack 308 win 251 <nop,nop,timestamp 3833200426 1620630267> (DF) (ttl 64, id 18852, len 52)
0000: 1100 3679 0036 0021 4500 0034 49a4 4000 ..6y.6.!E..4I.@.
0010: 4006 a9f5 0808 0808 5db8 d822 517a 0050 @.....W.].."Qz.P
0020: 8a3a d6c4 b9c8 59ec 8010 00fb 48e0 0000 .:....Y.....H...
0030: 0101 080a e479 ff2a 6098 dafb .....y.*`...
Jan 15 06:37:10.069174 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 8.8.8.8.20858 > 93.184.216.34.80: F [tcp sum ok] 75:75(0) ack 308 win 256 <nop,nop,timestamp 3833200426 1620630267> (DF) (ttl 64, id 5600, len 52)
0000: 1100 3679 0036 0021 4500 0034 15e0 4000 ..6y.6.!E..4..@.
0010: 4006 ddb9 0808 0808 5db8 d822 517a 0050 @.....W.].."Qz.P
0020: 8a3a d6c4 b9c8 59ec 8011 0100 48da 0000 .:....Y.....H...
0030: 0101 080a e479 ff2a 6098 dafb .....y.*`...
Jan 15 06:37:10.190118 PPPoE code Session, version 1, type 1, id 0x3679, length 54 IP 93.184.216.34.80 > 8.8.8.8.20858: . [tcp sum ok] 308:308(0) ack 76 win 283 <nop,nop,timestamp 1620630399 3833200426> (ttl 53, id 37946, len 52)
0000: 1100 3679 0036 0021 4500 0034 943a 0000 ..6y.6.!E..4.:..
0010: 3506 aa5f 5db8 d822 0808 0808 0050 517a 5.._].."..W..PQz
0020: b9c8 59ec 8a3a d6c5 8010 011b 483b 0000 ..Y..:......H;..
0030: 0101 080a 6098 db7f e479 ff2a ....`....y.*
I never used PPPoE and from the logs provided I don't see what could be wrong, at a first glance (I have to cook ;-) ).
But a common issue with PPPoE is the overhead from 8 bytes added to the standard 1500 Ethernet packet size. See https://en.wikipedia.org/wiki/Point-...ad_on_Ethernet What is the MTU setting of your NIC? You could try setting it to 1492.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
I don't think it has anything to do with your setup. When I use firefox on FreeBSD 12.0 I get similar results:
Code:
On firefox address bar: http://93.184.216.34/index.html
Result: edgecastcdn.net
On firefox address bar: http://example.com/index.html
Result: Example Domain This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission. More information...
=====================
On firefox address bar: http://93.184.216.34/index.html
Result: edgecastcdn.net
Quote:
Last edited by IdOp; 20th January 2020 at 07:15 AM.
Quote:
I had
Code:
match in all scrub (reassemble tcp no-df random-id max-mss 1440)
After adding
Code:
match out all scrub (reassemble tcp no-df random-id max-mss 1440)
I suspected that the FIN packet from the OpenBSD box went missing, but as there was a lot of traffic there I had trouble looking at the ifconfig statistics. Thanks again.
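As an added example that is not part of this thread (not the poster's or OpenBSD's code): a small Python script that reads the tcpdump summary lines from the hostname capture in the first post, reconstructs the server's byte stream and reports the hole at relative bytes 1:1441 that the client's SACK also points at. The hole is exactly one full-sized segment (1500 - 8 PPPoE - 40 IP/TCP - 12 timestamp option = 1440 payload bytes), which is what the MTU reply and the max-mss clamp in the last post are about; the sample lines are copied from the first post with the hex rows and most options trimmed.

```python
import re

# Constructed sample: tcpdump summary lines copied from the hostname capture in the
# first post, hex rows and most options trimmed (8.8.8.8 = poster's own address).
TRACE = """\
IP 8.8.8.8.12281 > 93.184.216.34.80: S [tcp sum ok] 2996088536:2996088536(0) win 16384 <mss 1452,nop,nop,sackOK,nop,wscale 6> (DF)
IP 93.184.216.34.80 > 8.8.8.8.12281: S [tcp sum ok] 2428984108:2428984108(0) ack 2996088537 win 65535 <mss 1460,sackOK,nop,wscale 9>
IP 8.8.8.8.12281 > 93.184.216.34.80: . [tcp sum ok] 1:1(0) ack 1 win 256 (DF)
IP 8.8.8.8.12281 > 93.184.216.34.80: P [tcp sum ok] 1:73(72) ack 1 win 256 (DF)
IP 93.184.216.34.80 > 8.8.8.8.12281: . [tcp sum ok] 1:1(0) ack 73 win 283
IP 93.184.216.34.80 > 8.8.8.8.12281: P [tcp sum ok] 1441:1620(179) ack 73 win 283
IP 93.184.216.34.80 > 8.8.8.8.12281: F [tcp sum ok] 1620:1620(0) ack 73 win 283
IP 8.8.8.8.12281 > 93.184.216.34.80: . [tcp sum ok] 73:73(0) ack 1 win 256 <sack 1 {1441:1620} > (DF)
"""
SEG_RE = re.compile(r"IP (\S+) > (\S+): (\S+) \[tcp sum ok\] (\d+):(\d+)\((\d+)\)")
MSS_RE = re.compile(r"mss (\d+)")

def parse_segments(text):
    """One dict per TCP line; after the SYNs tcpdump prints relative seq numbers."""
    segs = []
    for line in text.splitlines():
        m = SEG_RE.search(line)
        if m:
            src, dst, flags, start, end, length = m.groups()
            mss = MSS_RE.search(line)
            segs.append({"src": src, "dst": dst, "syn": "S" in flags, "start": int(start),
                         "end": int(end), "len": int(length), "mss": int(mss.group(1)) if mss else None})
    return segs

def find_holes(segs, sender):
    """Byte ranges `sender` must have sent that never showed up on pppoe0."""
    data = sorted((s for s in segs if s["src"] == sender and s["len"] and not s["syn"]),
                  key=lambda s: s["start"])
    holes, expected = [], 1          # relative seq 1 is the first payload byte
    for s in data:
        if s["start"] > expected:
            holes.append((expected, s["start"]))
        expected = max(expected, s["end"])
    return holes

def max_payload(link_mtu=1500, pppoe=8, ip_hdr=20, tcp_hdr=20, tcp_opts=12):
    # Largest payload per frame after PPPoE, IP/TCP headers and the 12-byte timestamp option.
    return link_mtu - pppoe - ip_hdr - tcp_hdr - tcp_opts

def diagnose(text, server):
    """Holes in the server's stream, and whether each is exactly one full-size segment
    (the server sizes segments from the MSS in the client's SYN, minus 12 for timestamps)."""
    segs = parse_segments(text)
    holes = find_holes(segs, server)
    full = next(s["mss"] for s in segs if s["syn"] and s["dst"] == server) - 12
    return {"holes": holes, "full_segment_payload": full,
            "only_full_segments_lost": bool(holes) and all(e - b == full for b, e in holes)}
```

When every hole is a full-size segment and the small ones get through, the path is dropping frames at the link MTU, so the next thing to check is the MTU on pppoe0 and whether the MSS clamp is applied in both directions.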