Re: Problems with Newsgroups and FTP

kiska · ‎05-27-2003

Everything was working fine, then trouble strikes, not sure why.

When trying to download from newsgroups I keep getting "general network failure" in my new group software.

I tracked it down to the firewall but I'm not sure what's going on, or more specifically not sure why connections are getting shut so soon.

Quick sample log

May 27 2003 16:48:04: %PIX-6-302014: Teardown TCP connection 2275 for outside:65.32.1.8/119 to inside:192.168.1.50/1759 duration 0:00:01 bytes 313 TCP FINs

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags ACK on interface outside

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags PSH ACK on interface outside

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags ACK on interface outside

May 27 2003 16:48:04: %PIX-6-302013: Built outbound TCP connection 2275 for outside:65.32.1.8/119 (65.32.1.8/119) to inside:192.168.1.50/1759 (24.129.142.118/2117)

May 27 2003 16:48:04: %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.50/1759 to outside:24.129.142.118/2117

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags PSH ACK on interface outside

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags ACK on interface outside

May 27 2003 16:48:04: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2116 flags PSH ACK on interface outside

May 27 2003 16:48:04: %PIX-6-302014: Teardown TCP connection 2274 for outside:65.32.1.8/119 to inside:192.168.1.50/1758 duration 0:00:01 bytes 5320 TCP Reset-I

May 27 2003 16:48:04: %PIX-6-302013: Built outbound TCP connection 2274 for outside:65.32.1.8/119 (65.32.1.8/119) to inside:192.168.1.50/1758 (24.129.142.118/2116)

May 27 2003 16:48:04: %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.50/1758 to outside:24.129.142.118/2116

May 27 2003 16:48:01: %PIX-6-302014: Teardown TCP connection 2273 for outside:65.32.1.8/119 to inside:192.168.1.50/1757 duration 0:00:01 bytes 313 TCP FINs

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags ACK on interface outside

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags PSH ACK on interface outside

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags ACK on interface outside

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags PSH ACK on interface outside

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags ACK on interface outside

May 27 2003 16:48:01: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2114 flags PSH ACK on interface outside

May 27 2003 16:48:01: %PIX-6-302014: Teardown TCP connection 2272 for outside:65.32.1.8/119 to inside:192.168.1.50/1756 duration 0:00:01 bytes 5539 TCP Reset-I

May 27 2003 16:48:01: %PIX-6-302013: Built outbound TCP connection 2273 for outside:65.32.1.8/119 (65.32.1.8/119) to inside:192.168.1.50/1757 (24.129.142.118/2115)

May 27 2003 16:48:01: %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.50/1757 to outside:24.129.142.118/2115

May 27 2003 16:48:01: %PIX-6-302013: Built outbound TCP connection 2272 for outside:65.32.1.8/119 (65.32.1.8/119) to inside:192.168.1.50/1756 (24.129.142.118/2114)

May 27 2003 16:48:01: %PIX-6-305011: Built dynamic TCP translation from inside:192.168.1.50/1756 to outside:24.129.142.118/2114

May 27 2003 16:48:00: %PIX-6-302016: Teardown UDP connection 2271 for outside:202.96.209.134/38116 to inside:192.168.1.5/53 duration 0:00:01 bytes 151

May 27 2003 16:48:00: %PIX-6-302015: Built inbound UDP connection 2271 for outside:202.96.209.134/38116 (202.96.209.134/38116) to inside:192.168.1.5/53 (24.129.142.118/53)

May 27 2003 16:47:59: %PIX-6-302016: Teardown UDP connection 2270 for outside:202.96.209.3/60595 to inside:192.168.1.5/53 duration 0:00:01 bytes 151

May 27 2003 16:47:59: %PIX-6-302015: Built inbound UDP connection 2270 for outside:202.96.209.3/60595 (202.96.209.3/60595) to inside:192.168.1.5/53 (24.129.142.118/53)

May 27 2003 16:47:59: %PIX-7-710005: TCP request discarded from 66.163.173.201/5050 to outside:24.129.142.118/1265

May 27 2003 16:47:58: %PIX-6-302014: Teardown TCP connection 2269 for outside:65.32.1.8/119 to inside:192.168.1.50/1755 duration 0:00:01 bytes 313 TCP FINs

May 27 2003 16:47:58: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2112 flags ACK on interface outside

May 27 2003 16:47:58: %PIX-6-106015: Deny TCP (no connection) from 65.32.1.8/119 to 24.129.142.118/2112 flags PSH ACK on interface outside

kiska · ‎05-27-2003

Oh yes, and inbound FTP works fine but when uses try to use FXP it fails, but was working before without problem.

tvanginneken · ‎05-28-2003

try capturing the traffic at the outside interface and check if any packets are comming back from the news servers (maybe FINs or RSETs).

Your can put a sniffer at the outside or enable capturing on the PIX.

To enable capturing on the pix (6.2 or higher required), enter the following commands:

capture out interface outside

After entering this command, you can see the captured packets with a web browser using this URL:

https://ip-address-pix/capture/out

Make sure you have web access to the pix and that the webserver is enable on the pix:

http server enable

http your-pc-ip-address 255.255.255.255 inside

Regards,

Tom

kiska · ‎05-28-2003

I don't see any traffic leaving my network for the mail server.. nor do I see it in syslog anymore.. quite odd..

kiska · ‎05-28-2003

I have activity logged from the outside interface, but I can't make anything from it, itlooks like this:

04:52:33.764227 65.32.1.8.119 > 24.129.142.118.2753: S 3892928837:3892928837(0) ack 2313813673 win 64860

04:52:33.764486 24.129.142.118.2753 > 65.32.1.8.119: . ack 3892928838 win 64860

04:52:33.776525 65.32.1.8.119 > 24.129.142.118.2753: P 3892928838:3892928945(107) ack 2313813673 win 64860

04:52:33.793782 24.129.142.118.2753 > 65.32.1.8.119: P 2313813673:2313813686(13) ack 3892928945 win 64753

04:52:33.804203 65.32.1.8.119 > 24.129.142.118.2753: . ack 2313813686 win 64860

04:52:33.805179 65.32.1.8.119 > 24.129.142.118.2753: P 3892928945:3892929052(107) ack 2313813686 win 64860

04:52:33.844652 24.129.142.118.2753 > 65.32.1.8.119: P 2313813686:2313813711(25) ack 3892929052 win 64646

04:52:33.867188 65.32.1.8.119 > 24.129.142.118.2753: P 3892929052:3892929098(46) ack 2313813711 win 64860

04:52:33.870102 24.129.142.118.2753 > 65.32.1.8.119: P 2313813711:2313813734(23) ack 3892929098 win 64600

04:52:33.881591 65.32.1.8.119 > 24.129.142.118.2753: P 3892929098:3892929132(34) ack 2313813734 win 64860

04:52:34.027433 24.129.142.118.2753 > 65.32.1.8.119: . ack 3892929132 win 64566

04:52:34.263536 65.32.1.8.119 > 24.129.142.118.2753: . 3892929132:3892930512(1380) ack 2313813734 win 64860

04:52:34.264741 65.32.1.8.119 > 24.129.142.118.2753: P 3892930512:3892931892(1380) ack 2313813734 win 64860

04:52:34.265229 24.129.142.118.2753 > 65.32.1.8.119: . ack 3892931892 win 64860

04:52:34.265962 65.32.1.8.119 > 24.129.142.118.2753: . 3892931892:3892933272(1380) ack 2313813734 win 64860

04:52:34.267930 65.32.1.8.119 > 24.129.142.118.2753: P 3892933272:3892934652(1380) ack 2313813734 win 64860

04:52:34.268403 24.129.142.118.2753 > 65.32.1.8.119: . ack 3892934652 win 64860

04:52:34.269730 65.32.1.8.119 > 24.129.142.118.2753: . 3892934652:3892936032(1380) ack 2313813734 win 64860

04:52:34.271165 65.32.1.8.119 > 24.129.142.118.2753: P 3892936032:3892937324(1292) ack 2313813734 win 64860

04:52:34.271622 24.129.142.118.2753 > 65.32.1.8.119: . ack 3892937324 win 64860

04:52:34.584595 24.129.142.118.2753 > 65.32.1.8.119: F 2313813734:2313813734(0) ack 3892937324 win 64860

04:52:34.596648 65.32.1.8.119 > 24.129.142.118.2753: . ack 2313813735 win 64860

04:52:34.650967 65.32.1.8.119 > 24.129.142.118.2753: . 3892937324:3892938704(1380) ack 2313813735 win 64860

04:52:34.651547 24.129.142.118.2753 > 65.32.1.8.119: R 2313813735:2313813735(0) win 0

04:52:34.652264 65.32.1.8.119 > 24.129.142.118.2753: P 3892938704:3892940084(1380) ack 2313813735 win 64860

04:52:34.654232 65.32.1.8.119 > 24.129.142.118.2753: . 3892940084:3892941464(1380) ack 2313813735 win 64860

04:52:34.655376 65.32.1.8.119 > 24.129.142.118.2753: P 3892941464:3892942844(1380) ack 2313813735 win 64860

04:52:34.656536 65.32.1.8.119 > 24.129.142.118.2753: . 3892942844:3892944224(1380) ack 2313813735 win 64860

04:52:34.657650 65.32.1.8.119 > 24.129.142.118.2753: P 3892944224:3892945516(1292) ack 2313813735 win 64860

04:52:34.919645 24.129.142.118.2754 > 65.32.1.8.119: S 1559957843:1559957843(0) win 64240

04:52:34.945385 65.32.1.8.119 > 24.129.142.118.2754: S 1181827821:1181827821(0) ack 1559957844 win 64860

04:52:34.945629 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181827822 win 64860

04:52:34.958095 65.32.1.8.119 > 24.129.142.118.2754: P 1181827822:1181827929(107) ack 1559957844 win 64860

04:52:35.045163 24.129.142.118.2754 > 65.32.1.8.119: P 1559957844:1559957857(13) ack 1181827929 win 64753

04:52:35.053814 65.32.1.8.119 > 24.129.142.118.2754: . ack 1559957857 win 64860

04:52:35.054791 65.32.1.8.119 > 24.129.142.118.2754: P 1181827929:1181828036(107) ack 1559957857 win 64860

04:52:35.055966 24.129.142.118.2754 > 65.32.1.8.119: P 1559957857:1559957894(37) ack 1181828036 win 64646

04:52:35.066646 65.32.1.8.119 > 24.129.142.118.2754: P 1181828036:1181828090(54) ack 1559957894 win 64860

04:52:35.067791 24.129.142.118.2754 > 65.32.1.8.119: P 1559957894:1559957915(21) ack 1181828090 win 64592

04:52:35.082408 65.32.1.8.119 > 24.129.142.118.2754: P 1181828090:1181828124(34) ack 1559957915 win 64860

04:52:35.215229 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181828124 win 64558

04:52:35.222064 65.32.1.8.119 > 24.129.142.118.2754: . 1181828124:1181829504(1380) ack 1559957915 win 64860

04:52:35.223209 65.32.1.8.119 > 24.129.142.118.2754: P 1181829504:1181830884(1380) ack 1559957915 win 64860

04:52:35.223682 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181830884 win 64860

04:52:35.224963 65.32.1.8.119 > 24.129.142.118.2754: P 1181830884:1181832154(1270) ack 1559957915 win 64860

04:52:35.418404 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181832154 win 63590

04:52:35.427696 65.32.1.8.119 > 24.129.142.118.2754: P 1181832154:1181832157(3) ack 1559957915 win 64860

04:52:35.637204 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181832157 win 63587

04:52:36.138771 24.129.142.118.2754 > 65.32.1.8.119: P 1559957915:1559957940(25) ack 1181832157 win 63587

04:52:36.151466 65.32.1.8.119 > 24.129.142.118.2754: P 1181832157:1181832203(46) ack 1559957940 win 64860

04:52:36.154441 24.129.142.118.2754 > 65.32.1.8.119: P 1559957940:1559957963(23) ack 1181832203 win 63541

04:52:36.164359 65.32.1.8.119 > 24.129.142.118.2754: P 1181832203:1181832237(34) ack 1559957963 win 64860

04:52:36.211033 65.32.1.8.119 > 24.129.142.118.2754: . 1181832237:1181833617(1380) ack 1559957963 win 64860

04:52:36.211475 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181833617 win 64860

04:52:36.212940 65.32.1.8.119 > 24.129.142.118.2754: P 1181833617:1181834997(1380) ack 1559957963 win 64860

04:52:36.214466 65.32.1.8.119 > 24.129.142.118.2754: . 1181834997:1181836377(1380) ack 1559957963 win 64860

04:52:36.214939 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181836377 win 64860

04:52:36.215732 65.32.1.8.119 > 24.129.142.118.2754: P 1181836377:1181837757(1380) ack 1559957963 win 64860

04:52:36.217685 65.32.1.8.119 > 24.129.142.118.2754: . 1181837757:1181839137(1380) ack 1559957963 win 64860

04:52:36.218128 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181839137 win 64860

04:52:36.219471 65.32.1.8.119 > 24.129.142.118.2754: P 1181839137:1181840429(1292) ack 1559957963 win 64860

04:52:36.229175 65.32.1.8.119 > 24.129.142.118.2754: . 1181840429:1181841809(1380) ack 1559957963 win 64860

04:52:36.229632 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181841809 win 64860

04:52:36.230990 65.32.1.8.119 > 24.129.142.118.2754: P 1181841809:1181843189(1380) ack 1559957963 win 64860

04:52:36.232501 65.32.1.8.119 > 24.129.142.118.2754: . 1181843189:1181844569(1380) ack 1559957963 win 64860

04:52:36.232943 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181844569 win 64860

04:52:36.234286 65.32.1.8.119 > 24.129.142.118.2754: P 1181844569:1181845949(1380) ack 1559957963 win 64860

04:52:36.235751 65.32.1.8.119 > 24.129.142.118.2754: . 1181845949:1181847329(1380) ack 1559957963 win 64860

04:52:36.236193 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181847329 win 64860

04:52:36.237551 65.32.1.8.119 > 24.129.142.118.2754: P 1181847329:1181848621(1292) ack 1559957963 win 64860

04:52:36.403024 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181848621 win 63568

04:52:36.420678 65.32.1.8.119 > 24.129.142.118.2754: . 1181848621:1181850001(1380) ack 1559957963 win 64860

04:52:36.421853 65.32.1.8.119 > 24.129.142.118.2754: P 1181850001:1181851381(1380) ack 1559957963 win 64860

04:52:36.422310 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181851381 win 64860

04:52:36.425347 65.32.1.8.119 > 24.129.142.118.2754: . 1181851381:1181852761(1380) ack 1559957963 win 64860

04:52:36.425881 65.32.1.8.119 > 24.129.142.118.2754: P 1181852761:1181854141(1380) ack 1559957963 win 64860

04:52:36.426323 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181854141 win 64860

04:52:36.426415 65.32.1.8.119 > 24.129.142.118.2754: . 1181854141:1181855521(1380) ack 1559957963 win 64860

04:52:36.427056 65.32.1.8.119 > 24.129.142.118.2754: P 1181855521:1181856813(1292) ack 1559957963 win 64860

04:52:36.427468 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181856813 win 64860

04:52:36.458502 65.32.1.8.119 > 24.129.142.118.2754: . 1181856813:1181858193(1380) ack 1559957963 win 64860

04:52:36.459647 65.32.1.8.119 > 24.129.142.118.2754: P 1181858193:1181859573(1380) ack 1559957963 win 64860

04:52:36.460104 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181859573 win 64860

04:52:36.461447 65.32.1.8.119 > 24.129.142.118.2754: . 1181859573:1181860953(1380) ack 1559957963 win 64860

04:52:36.462744 65.32.1.8.119 > 24.129.142.118.2754: P 1181860953:1181861189(236) ack 1559957963 win 64860

04:52:36.463004 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181861189 win 64860

04:52:36.466192 65.32.1.8.119 > 24.129.142.118.2754: . 1181861189:1181862569(1380) ack 1559957963 win 64860

04:52:36.466726 65.32.1.8.119 > 24.129.142.118.2754: P 1181862569:1181863949(1380) ack 1559957963 win 64860

04:52:36.467184 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181863949 win 64860

04:52:36.467260 65.32.1.8.119 > 24.129.142.118.2754: . 1181863949:1181865329(1380) ack 1559957963 win 64860

04:52:36.467718 65.32.1.8.119 > 24.129.142.118.2754: P 1181865329:1181865406(77) ack 1559957963 win 64860

04:52:36.467917 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181865406 win 64860

04:52:36.488851 65.32.1.8.119 > 24.129.142.118.2754: P 1181865406:1181865409(3) ack 1559957963 win 64860

04:52:36.621824 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181865409 win 64857

04:52:37.064999 24.129.142.118.2754 > 65.32.1.8.119: P 1559957963:1559958000(37) ack 1181865409 win 64857

04:52:37.110635 65.32.1.8.119 > 24.129.142.118.2754: P 1181865409:1181865463(54) ack 1559958000 win 64860

04:52:37.262651 24.129.142.118.2754 > 65.32.1.8.119: . ack 1181865463 win 64803

kiska · ‎05-28-2003

Removing and reinstalling news agent did the trick, no idea how it became corrupted or what may have been happening, but it's ok now, or so it seems.