This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transparent Proxy Traffic Blocked by GoDaddy?

Hey All I have had an issue arise a few times when accessing godaddy websites.  I suppose I could figured out a way to whitelist/bypass but I wanted to bring it to this forum first because of some behavior differences I noted while troubleshooting.  I have attached two tcpdump outputs.  First one is the initial SEW flagged packet with the incorrect cksum that is blocked and never answered by the godaddy servers.  The second one is with the transparent proxy service disabled and proxy turned off and a telnet from a linux box that is answered and a HTTP session is possible. 

 

19:09:31.105522 IP (tos 0x0, ttl 64, id 18790, offset 0, flags [DF], proto TCP (6), length 60)
    firewall.47296 > ip-198-71-232-3.ip.secureserver.net.https: Flags [SEW], cksum 0x648b (incorrect -> 0x5871), seq 2453015431, win 29200, options [mss 1460,sackOK,TS val 2101822177 ecr 0,nop,wscale 7], length 0



firewall.52738 > ip-198-71-232-3.ip.secureserver.net.http: Flags [S], cksum 0x4b01 (correct), seq 2432718501, win 64240, options [mss 1460,sackOK,TS val 1829665450 ecr 0,nop,wscale 7], length 0
19:10:55.948135 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)



This thread was automatically locked due to age.
Parents
  • update:  Turning off ECN in QOS/Advanced corrected the issue, must have something to do with ECN because I still have the incorrect cksum but no ECN enabled this time and I no longer have the issue.

    19:34:38.279692 IP (tos 0x0, ttl 64, id 33068, offset 0, flags [DF], proto TCP (6), length 60)
        firewall.42462 > ip-198-71-232-3.ip.secureserver.net.http: Flags [S], cksum 0x648b (incorrect -> 0xa0b6), seq 655262                                                                                                                      615, win 29200, options [mss 1460,sackOK,TS val 2102198971 ecr 0,nop,wscale 7], length 0

Reply
  • update:  Turning off ECN in QOS/Advanced corrected the issue, must have something to do with ECN because I still have the incorrect cksum but no ECN enabled this time and I no longer have the issue.

    19:34:38.279692 IP (tos 0x0, ttl 64, id 33068, offset 0, flags [DF], proto TCP (6), length 60)
        firewall.42462 > ip-198-71-232-3.ip.secureserver.net.http: Flags [S], cksum 0x648b (incorrect -> 0xa0b6), seq 655262                                                                                                                      615, win 29200, options [mss 1460,sackOK,TS val 2102198971 ecr 0,nop,wscale 7], length 0

Children
No Data