Rob,

Try turning off RPF (return path filtering at the kernel level). If it goes out on one interface and comes in on the other, then RPF is almost always at fault, as it will by default drop the connection.

Ruben - ON3RVH
On 13 Jul 2017, at 20:27, Rob Janssen <pe1chl(a)amsat.org> wrote:
The strange thing is that ping works ok when TCP doesn't connect.
My first suspicion would be a stateful firewall, but I'm sure you checked that. Could it be a TTL problem? I'm just guessing here.
The TTL of the inside IP packet is 63. I first traced on the external interface and saw the encapsulated packet, then I traced on the tunl0 interface and saw the decapsulated packet (same without the outer IP header), and it all looks OK. I see the SYN going out, the SYN ACK coming in, but nothing more (ACK should go out).

The firewall is stateful, but I added an explicit accept for -s 44.0.0.1 at the top of all the rules to make sure it is not that. Also, I reset the firewall and watched the counters, and did not see any packets being dropped.

And indeed, ping works OK. It is strange. Maybe something is wrong due to the gateway external address change, although I would not know what could produce the above scenario. The system has been up for about a year; maybe I should try rebooting it. (Usually this brings nothing when I try it... it isn't Windows :-)

Of course sometime it will become clear how this can be explained.

Rob
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
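As an added illustration of Ruben's RPF point (example script, not code from either poster or from the 44Net list), the snippet below reasons about the Linux rp_filter sysctl for a tunnel interface. It assumes the interface name tunl0 from Rob's trace, constructs sample sysctl values and sample kernel "martian source" log lines rather than reading a live host, and relies on the documented rule that the kernel applies the higher of net.ipv4.conf.all.rp_filter and net.ipv4.conf.<ifname>.rp_filter. It shows why setting only the per-interface value to 0 is not enough when all.rp_filter is 1, why loose mode (2) is usually the safer alternative to turning RPF off entirely, and how log_martians lets you confirm the drop in the kernel log instead of guessing:

```shell
#!/bin/sh
# Added example, not from the thread. Interface name tunl0, the sample sysctl
# values and the sample log lines below are constructed. On a real host you
# would read the values with:
#   sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.tunl0.rp_filter

# Map a numeric rp_filter value to its meaning (Documentation/networking/ip-sysctl).
rpf_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # drop unless the reply would leave via the arrival interface
        2) echo "loose" ;;    # drop only if the source is unreachable via any interface
        *) echo "unknown" ;;
    esac
}

# Effective setting for an interface = max(conf/all, conf/<ifname>).
# This is why "sysctl -w net.ipv4.conf.tunl0.rp_filter=0" alone changes nothing
# while conf/all/rp_filter is still 1.
effective_rpf() {
    all="$1"; ifc="$2"
    if [ "$all" -gt "$ifc" ]; then echo "$all"; else echo "$ifc"; fi
}

# Asymmetric path as in Rob's trace: SYN leaves on one interface, SYN-ACK
# arrives on tunl0. Only strict mode (1) discards the SYN-ACK, so the
# three-way handshake never completes while ICMP echo (answered on the same
# interface it arrived on) still works.
asymmetric_path_ok() {
    mode=$(effective_rpf "$1" "$2")
    [ "$mode" -ne 1 ]
}

# With net.ipv4.conf.<ifname>.log_martians=1 the kernel logs each rp_filter
# drop as "martian source A from B, on dev IF". Count such lines for one
# interface from stdin (dmesg or journalctl -k output).
count_martians() {
    grep -c "martian source .* on dev $1"
}

# Commands a practitioner would apply instead of disabling RPF outright:
# loose mode still rejects sources with no route at all, and logging makes
# any remaining drop visible. Printed here, not executed.
show_loose_mode_fix() {
    printf '%s\n' \
        "sysctl -w net.ipv4.conf.all.rp_filter=2" \
        "sysctl -w net.ipv4.conf.$1.rp_filter=2" \
        "sysctl -w net.ipv4.conf.$1.log_martians=1"
}

# Constructed sample kernel log: two drops on tunl0, one on eth0.
SAMPLE_LOG='IPv4: martian source 44.0.0.1 from 10.0.0.5, on dev tunl0
IPv4: martian source 44.0.0.1 from 10.0.0.5, on dev tunl0
IPv4: martian source 192.0.2.9 from 10.0.0.7, on dev eth0'

# Walk through the scenario with constructed values: all=1, tunl0=0.
ALL_RPF=1; TUNL0_RPF=0
echo "effective rp_filter on tunl0: $(rpf_name "$(effective_rpf "$ALL_RPF" "$TUNL0_RPF")")"
if asymmetric_path_ok "$ALL_RPF" "$TUNL0_RPF"; then
    echo "asymmetric TCP handshake would complete"
else
    echo "asymmetric TCP handshake would stall after SYN-ACK (rp_filter drop)"
fi
echo "martian drops logged on tunl0: $(printf '%s\n' "$SAMPLE_LOG" | count_martians tunl0)"
echo "suggested fix:"
show_loose_mode_fix tunl0
```

Run it as-is to see the constructed walkthrough; on a live gateway, replace ALL_RPF and TUNL0_RPF with the real sysctl values and pipe `dmesg` into count_martians after enabling log_martians, so that the drop is confirmed rather than inferred from the missing ACK.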