
Re: [FW1] Freaky ICMP unreachable error - help Luke, you're my only hope



Ok, I've narrowed this down to a problem with the firewall.  For
some reason, periodically during normal tcp flow, our firewall is
giving unreachable error messages to all clients at that time.  This
is only happening with one specific IP address.  This address is
NAT'ed and the error message is only occurring on the external side.
(At least to the best of my knowledge.)  

Why would my firewall (out of the blue) not be able to find the route
to this external ip address???  The address is set up with the arp
information for the firewall and has been working fine for a loooong
time.

Looking forward to hearing some brainstorming on this one folks!
I'm approaching the end of my rope here!  :-)

Thanks all,
Becky



Beckster wrote:
> 
> Installed SP2 on our nokia 440 this past Sat. night - running FW4.1
> on it.
> 
> +++++++++++++++++++++++++
> Clients to one particular web site have been complaining about error
> messages saying no route to host and proxy errors stating "unable to
> connect to server - connection refused" type of stuff.  Particular
> clients have experienced this since last Tuesday - at first we chalked
> it up to possible config issue on their side; however our site began
> experiencing severe slow-downs yesterday.  Page retrieval lasting
> up to 20-30 seconds.
> 
> While watching tcpdump on my external interface, I'm seeing hundreds of
> sporadic messages where my external interface is reporting this back
> to client ip addresses:
> icmp: host (our web server's IP) unreachable
> 
> This will go on for a while (most recently about 19 minutes) and then
> all will be fine again.
> 
> I would think of some type of icmp bounce or something, but this error
> is being returned to all client ip's - not just "spoofed looking" ips.
> I wondered about bandwidth problems, but this is only happening to
> one particular web server.
> 
> Any comments/insight is appreciated.
> 
> Regards,
> Becky
> 
> p.s.  Here's the exact message - sanitized of course because
> everyone knows that obscurity is really the ONLY way to go.
> har har
> 
> (watch the wrap)
> 05:11.2 208.xx.. > 12.110.xxx.xxx: icmp:  host 208.xx.xxx.xxx
> unreachable (DF) [tos 0xe0]
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
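
Added example, not part of the original post: a Python script that groups tcpdump lines like the one quoted above into bursts per unreachable host, showing how long each episode lasts and how many distinct clients receive the error. The addresses and timestamps are constructed sample data (documentation ranges), and the 60-second gap that separates two bursts is an assumption.

```python
import re
from datetime import datetime, timedelta

# Old-style tcpdump line: "HH:MM:SS.frac src > dst: icmp: host X unreachable ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+\s+(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):\s+"
    r"icmp:\s+host\s+(?P<host>\S+)\s+unreachable"
)

# Constructed capture: 192.0.2.1 stands in for the firewall's external
# interface, 192.0.2.10 for the NAT'ed web server, the rest for clients.
SAMPLE = """\
05:11:02.100000 192.0.2.1 > 198.51.100.7: icmp: host 192.0.2.10 unreachable (DF) [tos 0xe0]
05:11:02.400000 192.0.2.1 > 203.0.113.20: icmp: host 192.0.2.10 unreachable (DF) [tos 0xe0]
05:11:40.000000 192.0.2.1 > 198.51.100.7: icmp: host 192.0.2.10 unreachable (DF) [tos 0xe0]
05:12:05.900000 198.51.100.7.3312 > 192.0.2.10.80: S 1:1(0) win 8192
05:30:15.250000 192.0.2.1 > 203.0.113.99: icmp: host 192.0.2.10 unreachable (DF) [tos 0xe0]
"""

def find_bursts(lines, max_gap=timedelta(seconds=60)):
    """Group host-unreachable lines into bursts per (sender, unreachable host).

    A burst closes once no matching line arrives within max_gap (assumed value).
    Timestamps carry no date, so a capture crossing midnight is not handled.
    """
    open_bursts, finished = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ordinary traffic or another ICMP type
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        key = (m["src"], m["host"])
        burst = open_bursts.get(key)
        if burst is None or ts - burst["end"] > max_gap:
            if burst is not None:
                finished.append(burst)
            burst = {"sender": m["src"], "host": m["host"], "start": ts,
                     "end": ts, "count": 0, "clients": set()}
            open_bursts[key] = burst
        burst["end"] = ts
        burst["count"] += 1
        burst["clients"].add(m["dst"])  # who was told the host is unreachable
    finished.extend(open_bursts.values())
    return sorted(finished, key=lambda b: b["start"])

if __name__ == "__main__":
    for b in find_bursts(SAMPLE.splitlines()):
        print(f'{b["sender"]} reports {b["host"]} unreachable: {b["count"]} msgs, '
              f'{len(b["clients"])} clients, {b["start"]:%H:%M:%S}-{b["end"]:%H:%M:%S}')
```

Lining up the burst start and end times against the firewall's own logs and ARP table for the NAT'ed address shows whether each episode coincides with a change on the firewall.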


   All contents © 2004 Network Presence, LLC. All rights reserved.