RE: [suse-security] Access to some webservers through firewall
which is correct, because I was trying to contact www.bahn.de (213.83.12.10). I think that they have a load balancer that sent me to that IP address, but as my firewall did not open a connection there it blocks the packages.
It can't be the redirection or load balancing that's causing your problem. IP addresses can't suddenly change in the middle of a TCP connection. If your browser is redirected to a host on a different IP address, it performs a TCP connection to that host, which ensures that your firewall will handle it fine.

As was noted, netfilter may be timing out the connection from the state table prematurely, which surprises me, since the TCP timeouts are very long, IIRC. I don't have any other ideas, though. I'd probably sniff the wire and analyse the result with ethereal.

Cheers,
Tobias
Reckhard, Tobias wrote: ....
As was noted, netfilter may be timing out the connection from the state table prematurely, which surprises me, since the TCP timeouts are very long, IIRC. I don't have any other ideas, though. I'd probably sniff the wire and analyse the result with ethereal.
A timeout seems very unlikely to me, too, because when I connect to the blocked IP right away the page is displayed instantly... But thank you for your deep description, I'll sniff my wire a little bit tonight and then I'll see where the problem is (hopefully)!

Greetings,
Ralf
participants (2): Ralf Ronneburger; Reckhard, Tobias