Der HTTP-Request kommt an, offensichtlich geht die Antwort des Webservers auf dem Knoten verloren.
Client -> Freifunkknoten
traceroute to 2a03:2260:115:3600:46d9:e7ff:feac:e223 (2a03:2260:115:3600:46d9:e7ff:feac:e223), 30 hops max, 80 byte packets
1 2a00:6020:xxxx:xxxx::1 (2a00:6020:xxxx:xxxx::1) 7.091 ms 5.725 ms 10.525 ms
2 * * *
3 be10-717.cr1.int1-dus.dg-ao.de (2a00:6020:0:2::2) 13.036 ms 13.089 ms 16.010 ms
4 be10-717.pr2.int1-dus.dg-w.de (2a00:6020:0:2::3) 16.014 ms * *
5 2a03:2260::5 (2a03:2260::5) 19.292 ms 19.262 ms 15.946 ms
6 2a03:2260::4 (2a03:2260::4) 31.851 ms 22.020 ms 24.451 ms
7 2001:4ba0:ffa4:3d2:5:199:135:168 (2001:4ba0:ffa4:3d2:5:199:135:168) 25.308 ms 28.517 ms 26.364 ms
8 2a03:2260:115:3600:46d9:e7ff:feac:e223 (2a03:2260:115:3600:46d9:e7ff:feac:e223) 44.330 ms 50.777 ms 45.429 ms
Umgekehrt nehmen die Pakete den direkten Weg. Freifunkknoten -> Client:
traceroute to 2a00:6020:xxxx:xxxx::7bf (2a00:6020:xxxx:xxxx::7bf), 30 hops max, 64 byte packets
1 2a00:6020:xxxx:xxxx::7bf (2a00:6020:xxxx:xxxx::7bf) 13.244 ms 6.355 ms 5.086 ms
Wie kann ich mir das vorstellen? Werden die Pakete vom Webserver dann statt über br-client
via br-wan
verschickt und versanden dann in der Firewall des Knotens? Und wie schafft man da Abhilfe?
EDIT:
Daran scheint es zu liegen, hier der tcpdump
-Output des Knotens, jeweils br-client
und br-wan
auf Port 80 während auf der Gegenstelle die Statusseite geöffnet wird, mittels wget -O- http://[2a03:2260:115:3600:46d9:e7ff:feac:e223]/
root@ffwaf-eloh-eschenweg-1:~# tcpdump -vv -i br-client port 80
tcpdump: listening on br-client, link-type EN10MB (Ethernet), capture size 262144 bytes
18:28:26.390671 IP6 (flowlabel 0xce1ad, hlim 57, next-header TCP (6) payload length: 40) 2a00:6020:xxxx:xxxx::7bf.34692 > 2a03:2260:115:3600:46d9:e7ff:feac:e223.80: Flags [S], cksum 0x0f9a (correct), seq 3690733389, win 28800, options [mss 1440,sackOK,TS val 23257578 ecr 0,nop,wscale 7], length 0
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel
root@ffwaf-eloh-eschenweg-1:~# tcpdump -vv -i br-wan port 80
tcpdump: listening on br-wan, link-type EN10MB (Ethernet), capture size 262144 bytes
18:28:46.163848 IP6 (flowlabel 0x16285, hlim 64, next-header TCP (6) payload length: 40) 2a03:2260:115:3600:46d9:e7ff:feac:e223.80 > 2a00:6020:xxxx:xxxx::7bf.34706: Flags [S.], cksum 0x61bd (incorrect -> 0x0c6e), seq 3510760251, ack 3368482310, win 28560, options [mss 1440,sackOK,TS val 7170116 ecr 23262521,nop,wscale 3], length 0
18:28:47.242174 IP6 (flowlabel 0xcc09c, hlim 64, next-header TCP (6) payload length: 40) 2a03:2260:115:3600:46d9:e7ff:feac:e223.80 > 2a00:6020:xxxx:xxxx::7bf.34706: Flags [S.], cksum 0x61bd (incorrect -> 0x0c02), seq 3510760251, ack 3368482310, win 28560, options [mss 1440,sackOK,TS val 7170224 ecr 23262521,nop,wscale 3], length 0
18:28:48.042160 IP6 (flowlabel 0x20a4c, hlim 64, next-header TCP (6) payload length: 40) 2a03:2260:115:3600:46d9:e7ff:feac:e223.80 > 2a00:6020:xxxx:xxxx::7bf.34690: Flags [S.], cksum 0x61bd (incorrect -> 0xf969), seq 1127678052, ack 3391661475, win 28560, options [mss 1440,sackOK,TS val 7170304 ecr 23254901,nop,wscale 3], length 0
18:28:49.322143 IP6 (flowlabel 0x03d2b, hlim 64, next-header TCP (6) payload length: 40) 2a03:2260:115:3600:46d9:e7ff:feac:e223.80 > 2a00:6020:xxxx:xxxx::7bf.34706: Flags [S.], cksum 0x61bd (incorrect -> 0x0b32), seq 3510760251, ack 3368482310, win 28560, options [mss 1440,sackOK,TS val 7170432 ecr 23262521,nop,wscale 3], length 0
^C
4 packets captured
5 packets received by filter
0 packets dropped by kernel