October 2005
Andrew Pollock


Friday, 21 October 2005

Just the way I want to spend my Friday night...

Bashing my head over why Firewall-1 is eating my ACK packets for dinner - when I'd rather be at home eating some myself. Dinner that is, not ACK packets. They're not all that filling. No payload and all.

So, the bastard thing has a rule that is supposed to accept packets from the big bad interweb, and let them in to a web host, after a spot of load balancing and what have you. I'm testing it with a remote connection from home. The SYN comes in, the SYN goes out. The SYN arrives where it's supposed to. The web server ACKs that SYN. The ACK arrives at the firewall. The ACK is never seen again. Oh, and the firewall logs an ACCEPT on the packet.

So after restarting Firewall-1, rebooting (gotta love the fact this isn't production yet), checking my routing (there's not a lot to check, it's going to go out the default gateway), I'm at headbutting keyboard point.
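The trace walked through above (SYN seen on both sides of the firewall, the server's reply seen only on the inside, while the firewall logs an ACCEPT) can be checked mechanically by diffing per-flow handshake stages between captures taken on the outside and inside interfaces. This is an added example and not code from the original post; the tcpdump-style lines, the addresses and the destination-NAT mapping (198.51.100.10 outside, 10.0.0.20 inside) are constructed.

```python
import re

# Subset of tcpdump's default TCP line format, enough for the constructed samples below.
LINE_RE = re.compile(r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
                     r"Flags \[(?P<flags>[^\]]*)\]")

def parse(capture):
    """Yield (src, sport, dst, dport, flags) for each line that looks like a TCP packet."""
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def handshake_events(capture, client):
    """Map client port -> list of (direction, flags) for packets to or from `client`. The remote
    client is the flow key because destination NAT rewrites only the server address between interfaces."""
    flows = {}
    for src, sport, dst, dport, flags in parse(capture):
        if src == client:
            flows.setdefault(sport, []).append(("in", flags))
        elif dst == client:
            flows.setdefault(dport, []).append(("out", flags))
    return flows

def find_lost_packets(outside_capture, inside_capture, client):
    """Per client port, list handshake stages seen on one side of the firewall only: inbound packets
    must appear outside then inside, outbound ones inside then outside; the missing copy is the drop."""
    outside = handshake_events(outside_capture, client)
    inside = handshake_events(inside_capture, client)
    lost = {}
    for port in sorted(set(outside) | set(inside)):
        o, i = outside.get(port, []), inside.get(port, [])
        gone = [f"inbound [{f}] never reached the inside" for d, f in o if d == "in" and (d, f) not in i]
        gone += [f"outbound [{f}] never reached the outside" for d, f in i if d == "out" and (d, f) not in o]
        if gone:
            lost[port] = gone
    return lost

# Constructed captures: client port 51234 stalls as described in the entry; 51235 completes normally.
OUTSIDE = """\
10:01:00.000100 IP 203.0.113.5.51234 > 198.51.100.10.80: Flags [S], seq 1000, win 65535, length 0
10:01:02.000100 IP 203.0.113.5.51235 > 198.51.100.10.80: Flags [S], seq 2000, win 65535, length 0
10:01:02.001000 IP 198.51.100.10.80 > 203.0.113.5.51235: Flags [S.], seq 7000, ack 2001, win 65535, length 0
"""
INSIDE = """\
10:01:00.000300 IP 203.0.113.5.51234 > 10.0.0.20.80: Flags [S], seq 1000, win 65535, length 0
10:01:00.000900 IP 10.0.0.20.80 > 203.0.113.5.51234: Flags [S.], seq 5000, ack 1001, win 65535, length 0
10:01:02.000300 IP 203.0.113.5.51235 > 10.0.0.20.80: Flags [S], seq 2000, win 65535, length 0
10:01:02.000900 IP 10.0.0.20.80 > 203.0.113.5.51235: Flags [S.], seq 7000, ack 2001, win 65535, length 0
"""
```

Calling `find_lost_packets(OUTSIDE, INSIDE, "203.0.113.5")` reports only port 51234, whose SYN-ACK (`[S.]` in tcpdump notation) was seen on the inside and never on the outside, which is the symptom the entry describes.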

At least I found and fixed a problem with logging.

[02:42] [work]