UAMALLOWED and HTTPS (to select.worldpay.com)

Johan Meiring jmeiring at amobia.com
Wed Apr 29 16:58:31 UTC 2009 

Derek C wrote:
> Hi Johan,
> 
>> Best to use:
>> tcpdump -vvntttt -s 1500 -i ath0 (-s 1500 makes it capture the whole
>> packet, and you then get more info)
> 
> Without using Firefox and only telnet (because my problem seems to be that
> I don't seem to be able to establish a socket connection) here is the
> output from tcpdump -vvntttt -s 1500 -i ath0 when I try to "telnet
> 155.136.66.34 443".  I'll get a full dump for Firefox too but I also want
> to see if I have this problem if I uamallow other HTTPs servers out there
> and not just the Worldpay payment gateway.
> 
> Results from "tcpdump -vvntttt -s 1500 -i ath0" when doing "telnet
> 155.136.66.34 443": -
> 
> 2009-04-29 15:10:06.083836 IP (tos 0x10, ttl 64, id 40577, offset 0, flags
> [DF], proto TCP (6), length 60) 192.168.182.9.38910 > 155.136.66.34.443:
> S, cksum 0x9078 (correct), 3501107707:3501107707(0) win 5840 <mss
> 1460,sackOK,timestamp 8271738 0,nop,wscale 6>
> 2009-04-29 15:10:06.114643 IP (tos 0x0, ttl 238, id 2, offset 0, flags
> [none], proto TCP (6), length 44) 155.136.66.34.443 > 192.168.182.9.38910:
> S, cksum 0xc430 (correct), 1660020786:1660020786(0) ack 3501107708 win
> 8192 <mss 1460>
> 2009-04-29 15:10:06.114717 IP (tos 0x10, ttl 64, id 40578, offset 0, flags
> [DF], proto TCP (6), length 40) 192.168.182.9.38910 > 155.136.66.34.443:
> ., cksum 0xe51d (correct), 1:1(0) ack 1 win 5840
> 2009-04-29 15:10:06.115111 IP (tos 0x0, ttl 238, id 3, offset 0, flags
> [none], proto TCP (6), length 44) 155.136.66.34.443 > 192.168.182.9.38910:
> S, cksum 0xa42f (correct), 1660020787:1660020787(0) ack 3501107708 win
> 16384 <mss 1460>
> 2009-04-29 15:10:06.115144 IP (tos 0x0, ttl 64, id 0, offset 0, flags
> [DF], proto TCP (6), length 40) 192.168.182.9.38910 > 155.136.66.34.443:
> R, cksum 0x471f (correct), 3501107708:3501107708(0) win 0
> 
> 
> 

I must say, I have no idea.
All looks good.

The only other thing I can think of is MTU issues.

Try issuing the following on your hotspot, and see if it helps.

iptables -I FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j 
TCPMSS --clamp-mss-to-pmtu
(the above command is one line)

-- 


Johan Meiring
Amobia Communications
Tel: (0861) AMOBIA / (0861) 266242
Fax: (0861) AMOFAX / (0861) 266329

More information about the Chilli mailing list