
From: Alexander Goeres (agoeres_at_lieblinx.net)
Date: Wed 07 Jan 2004 - 16:30:17 GMT


For my problem, I don't think it's vserver-related. Today I could compile a
vanilla 2.4.23-kernel on the relevant host-server without any vserver
implementation. After a reboot in this kernel I did a "telnet
remote.mail.server 25" from the host-server and it timed out as before. It
looks as if it's a firewall-problem on the remote side but the admins in
charge there of course claim that it's not so.. I can't look into their
firewall, but a more aggressive approach with
1. "nmap -p 25 -sS remote.mail.server" and
2. "nmap -p 25 -sA remote.mail.server"
from one of my host-servers showed for 1.: "port 25 open" and for 2.: "port 25
filtered". That sounds exactly like your explanation. But for my host-servers
it occurs no matter if they have a vserver-patched kernel running or not.

Too bad, for a short time I thought I might have tracked this problem down and
could accuse Herbert and the developers here of doing bad work instead of
fighting alien admins.. :-)

greetings
Alexander

On Wednesday, 7 January 2004 13:41, Christian Mayrhuber wrote:
> Christian Mayrhuber wrote:
> > That's exactly the problem I have.
> > The dns setup is right. It happens from the root server (ctx 0), too.
> > But does not happen if I use a standard kernel with the same
> > configuration. The remote mailserver is behind a netfilter firewall.
>
> Some additional information:
> The remote mailserver is behind a netfilter firewall and complains about
> an invalid CRC in the TCP header, the CRC of the IP header is ok.
> The CRC of the TCP header is ok when the packets are sent from a vserver
> (this has been verified on a pix firewall) then those packets get routed
> through the net, reach the netfilter firewall and have a corrupt TCP CRC
> afterwards.
> This may well be a bug in the netfilter code which is triggered only by
> packets of a vserver kernel.
> The result is that on the SYN packet follows no ACK and the connection
> times out.

-- 
-------------------------------------------
agoeres _at_ lieblinx.net
tel.: +49 (0)30 / 61 20 26 87
fax: +49 (0)30 / 61 20 26 89
-------------------------------------------
lieblinxNET
     we do software
a Marwood & Thiele GbR
-------------------------------------------
reichenberger straße 125
10999 Berlin

http://lieblinx.net
-------------------------------------------

_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
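
The symptom quoted in the message above (IP header checksum valid, TCP checksum invalid after the packet crosses a device) can be checked on raw packets captured on each side of the path. The following is an added example, not part of the original message: the packet is constructed, the addresses are documentation ranges, and the function names are hypothetical. TCP and IPv4 use a 16-bit one's-complement checksum (RFC 1071), which is what the thread calls the CRC.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def check_packet(pkt: bytes) -> dict:
    """Validate the IPv4 header checksum and the TCP checksum of one raw packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[0] >> 4 != 4 or ihl < 20 or pkt[9] != 6 or len(pkt) < total_len:
        raise ValueError("not a complete IPv4/TCP packet")
    segment = pkt[ihl:total_len]
    # TCP pseudo-header: source, destination, zero, protocol 6, TCP length
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    # Summing data that already contains a correct checksum yields 0xFFFF
    return {"ip_ok": ones_sum(pkt[:ihl]) == 0xFFFF,
            "tcp_ok": ones_sum(pseudo + segment) == 0xFFFF}

def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: a minimal SYN packet with correct checksums."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 5840, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ~ones_sum(pseudo + tcp) & 0xFFFF) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", ~ones_sum(ip) & 0xFFFF) + ip[12:]
    return ip + tcp

# Constructed data: the SYN as it leaves the sender, and the same packet after
# a device on the path altered a TCP field (window) without fixing the checksum.
SENT = build_syn("192.0.2.1", "198.51.100.25", 40000, 25)
RECEIVED = SENT[:34] + struct.pack("!H", 5841) + SENT[36:]

if __name__ == "__main__":
    print("as sent:    ", check_packet(SENT))
    print("as received:", check_packet(RECEIVED))
```

Captures taken on the sending host itself can show bad TCP checksums when checksum offload is enabled on the interface, so compare packets captured on the wire on both sides of the suspected device.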


Generated on Wed 07 Jan 2004 - 16:25:26 GMT by hypermail 2.1.3