Обсуждение: TCP packet out of state: First packet isn't SYN tcp_flags: ACK

Поиск
Список
Период
Сортировка

TCP packet out of state: First packet isn't SYN tcp_flags: ACK

От
dx k9
Дата:
Hi, we are running postgresql 9.1.9 on SLES 11.   We connect to it from a web server in the DMZ running on CentOS 6.5,  observed with 6.4 as well.  Our theory is running the same OS on the postgres and web server might clear all these TCP packet out of state drops we see thru the firewall.
 
Source port 5432 using  random  services 40090, 40451, 40450, 40091, 40090, 40450, 40451, 40091, 46482.    It's unclear why the database server periodically is trying to connect to the web server with these services.  There doesn't seem to be any service complaints,  but periodically we see these in the firewall logs, it seems benign.

Re: TCP packet out of state: First packet isn't SYN tcp_flags: ACK

От
Cliff Pratt
Дата:
I believe that those message are innocuous, but I can't be sure. It's caused by a timeout issue. (sorry, I looked into this at one time, but I forget the details). If you have Checkpoint Firewall 1, as I recall there is an article on the web site about this. Sorry to be so vague, but this may give you a hint of a direction to look in.

Cheers,

Cliff


On Fri, Apr 11, 2014 at 7:50 AM, dx k9 <bitsandbytes88@hotmail.com> wrote:
Hi, we are running postgresql 9.1.9 on SLES 11.   We connect to it from a web server in the DMZ running on CentOS 6.5,  observed with 6.4 as well.  Our theory is running the same OS on the postgres and web server might clear all these TCP packet out of state drops we see thru the firewall.
 
Source port 5432 using  random  services 40090, 40451, 40450, 40091, 40090, 40450, 40451, 40091, 46482.    It's unclear why the database server periodically is trying to connect to the web server with these services.  There doesn't seem to be any service complaints,  but periodically we see these in the firewall logs, it seems benign.