Linux服务器丢弃Window7的SYN导致三次握手无法完成的问题分析

Hi all,

we have a very weird problem here at hand which we can currently only trigger
in a moderately complex setup - however this one is the reality ;)

We have a pool of machines which are on RFC1918 addresses, have a NAT-gateway
to the outside (university /16 network) and some of the machines from the pool
access the web server also in the university network - mostly these are
reloading a status page every ~ 15s via meta refresh.

Now the weird part. If I ask colleagues with a MacOS laptops to access this
page with any web browser, the kick me "out" (standard Debian Squeeze laptop).
During this time, I cannot establish any new connection to this server
(neither via http(s) nor ssh) anymore, however my SYN packets all arrive at
the server (tcpdump/wireshark show this), but the server never replies to me.
If I access the server from another IP (e.g. outside world), there is no
problem.

We have ruled out iptables as the behavior is the same with or without.

We are running out of ideas, thus our question what we might miss here. Is
there a certain limit of connections from one IP (our gateway) to the server,
i.e. could the server run out of resources? I've checked /proc/net to some
extend but might have missed something there.

Anyone with ideas?

Cheers and TIA

Carsten
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html