Re: [squid-users] wccp transparent proxy; returned spoofed packets are dropped!

From: Tony Dodd <tony@dont-contact.us>
Date: Fri, 21 Dec 2007 03:37:38 +0000

Daniel Rose wrote:
> SQUID (linux kernel 2.6.18.xxx) Sends a spoofed ACK 'from' WWWHOST to CLIENT.
>
> The spoofed ACK never arrives at the CLIENT. CLIENT just sends 3 SYNs and times out. I assume it's dropped by the firewall, but I can't get 'debug ip packet' or similar commands to work on the ASA 5520 to verify this, but it's pretty clear since it never arrives on the client (I used wireshark).
>

Have you tried turning up the logging level and seeing what the asa is
doing? My money is on it dropping your packets.

Adjust logging to "errors" if you're getting to much log data.

# conf t
(config)# logging asdm warnings
# sh logging asdm

-- 
Tony Dodd, Systems Administrator
Last.fm | http://www.last.fm
Karen House 1-11 Baches Street
London N1 6DL
check out my music taste at:
http://www.last.fm/user/hawkeviper
Received on Thu Dec 20 2007 - 20:37:48 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST