Mailinglist Archive: opensuse-security (670 mails)
RE: [suse-security] Access to some webservers through firewall
- From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
- Date: Tue, 27 Nov 2001 07:25:44 +0100
- Message-id: <96C102324EF9D411A49500306E06C8D1A56C59@xxxxxxxxxxxxxxxxx>
> which is correct, because I was trying to contact www.bahn.de
> (213.83.12.10). I think that they have a load balancer who sent me to
> that ip-address, but as my firewall did not open a connection there it
> blocks the packages.
>
It can't be the redirection or load balancing that's causing your problem.
IP addresses can't suddenly change in the middle of a TCP connection. If
your browser is redirected to a host on a different IP address, it performs
a TCP connection to that host, which ensures that your firewall will handle
it fine.

As was noted, netfilter may be timing out the connection from the state
table prematurely, which surprises me, since the TCP timeouts are very long,
IIRC. I don't have any other ideas, though. I'd probably sniff the wire and
analyse the result with ethereal.

Cheers,
Tobias