For more details, please see ourCookie Policy.


Application Delivery (ADX)

Reply
Contributor
Posts: 39
Registered: ‎05-04-2009

Why is the ServerIron responding to connection requests to non defined service ports?

Why is the ServerIron responding to connection requests to non defined service ports?

I do have a virtual server looking like

server virtual abc q.w.e.r

   port http

   port ssl

   port dns

   port 1070

and I am getting a SYN-ACK back in case I am trying to telnet port 1234 of the virtual server. It is just the SYN-ACK coming back - the connection is not really successful.

Is there any reason for a SYN-ACK coming from a port I have not defined?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Why is the ServerIron responding to connection requests to non defined service ports?

This is not normal - the ServerIron should not do that by default. Are you sure it is the ServerIron sending the SYN-ACK out to the client? L4 load balancing would send the SYN directly to the real servers and the SYN-ACK is coming from the real servers. Only Layer 7 load balancing is doing some kind of delayed binding and some security features like SYN-Guard/-Proxy will do something like that.

Please try to enable the following in case you have SYN-Guard/-Proxy enabled in your setup:

server syn-cookie-check-vport

Contributor
Posts: 39
Registered: ‎05-04-2009

Re: Why is the ServerIron responding to connection requests to non defined service ports?

It was the syn-guard problem you have mentioned - thanks a million. All I have done is to add the command mentioned and it is working...

Join the Broadcom Community

Get quick and easy access to valuable resources across the Broadcom Community Network.