Firewall Wizards mailing list archives
R: R: PIX dropping packets with source port 80
From: <edp.lists () acerbis it>
Date: Thu, 27 May 2004 15:03:11 +0200
Ok. I think that the issue is related to some quirkiness of the tcp socket close (because all seems working) : the pix could close the translation slot before the complete handshake is completed thus denying the last peer packet, *BUT* we can't say more until you provide a detailed packet trace of the communication involved, could be also a misbehaving tcp stack. bye -----Messaggio originale----- Da: LazloCarreidas () netscape net [mailto:LazloCarreidas () netscape net] Inviato: giovedì 27 maggio 2004 10.26 A: edp.lists () acerbis it Oggetto: RE: R: [fw-wiz] PIX dropping packets with source port 80 Hi <edp.lists () acerbis it> wrote:
Don't be misled by port 80, could be really junk traffic and the pix correcly detect that as such (in fact you report no problems in using the proxy).
I understand that. The fact is that I can prove that the proxy opens the connection outside to a specific address, and then some packets back are dropped from the same address. For example, the connection open at 14:04:02 and packets are dropped at 14:04:04...
If you want only get rid of the message, just disable it with the "logging" command or set the message 106023 to another syslog level (less priority). i.e. "logging message 106023 level 7" or "no logging message <n>"
No so simple. The 106023 message is for every dropped packet, and I want to keep the other ones... Thanks for the help Lazlò __________________________________________________________________ Introducing the New Netscape Internet Service. Only $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- R: R: PIX dropping packets with source port 80 edp.lists (May 27)