Re: [squid-users] wccp transparent proxy; returned spoofed packets are dropped!

From: Daniel Rose <drose@dont-contact.us>
Date: Fri, 21 Dec 2007 14:59:15 +1100

Tony Dodd wrote:
> Daniel Rose wrote:
>> SQUID (linux kernel 2.6.18.xxx) Sends a spoofed ACK 'from' WWWHOST to
>> CLIENT.
>>
>> The spoofed ACK never arrives at the CLIENT. CLIENT just sends 3 SYNs
>> and times out. I assume it's dropped by the firewall, but I can't get
>> 'debug ip packet' or similar commands to work on the ASA 5520 to
>> verify this, but it's pretty clear since it never arrives on the
>> client (I used wireshark).
>>
>
> Have you tried turning up the logging level and seeing what the asa is
> doing? My money is on it dropping your packets.
>

Confirmed by your logging suggestion.

-- 
Daniel Rose
National Library of Australia
Received on Thu Dec 20 2007 - 20:59:26 MST

This archive was generated by hypermail pre-2.1.9 : Tue Jan 01 2008 - 12:00:02 MST