view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
He's running Windows 10, unfortunately- but wouldn't SSL errors show up in Apache logs? His IP appears 0 times in all apache error and access logs dating back 8 months (the beginning of recorded logs).
Here's another example of a working request to https://drkt.eu, and his non-working request respectively.
See this page here that explains the
Flags
: https://opensource.com/article/18/10/introduction-tcpdumpTypically, in a TCP connection, you'd SYN, SYN+ACK, ACK, then transfer actual data over. In the successful sequence, you see this happening as expected.
In the unsuccessful sequence, it seems to be stuck in SYN, SYN+ACK, but there is no ACK that follows (
Flags [.]
).Where is the second one captured? On the user's system, or on your system? Something in between is determining the packet isn't intended for the destination and dropping it. It may be a firewall, it may be something else.
Thinking about this some more, could it be asymmetric routing?
If so, does this help?
Replying to both of your comments:
These are captured on both my gateway and the Apache LXC container. The captured packets are identical as far as tcpdump is aware on both of these systems. As far as I can tell, unless there are shenanigans at the firewall WAN NIC, this is how the packets arrive to my firewall.
And I don't think this is asymmetrical routing if I understand it correctly, as I only have one firewall. My interfaces are configured correctly according to that netgate article.
Sorry I got slammed by work last couple of days and didn’t check back.
I wonder if it could be asymmetrical routing by your ISP? You mentioned your setup was okay before but it doesn’t work since you changed location.
I think your friend with the UniFi network has a static IP. Can you try traceroute to their IP and see if the route is similar to the one taken by their ISP? I’m not sure if this is how you’d test for asymmetrical routing but if nothing else the symptoms sound similar.
This project has hit a bit of a dead end but I appreciate your input a lot. I may get an opportunity to run tcpdump from within their network soon- which is what I was waiting for and why I didn't reply yet, but things aren't really happening.
My ISP gave me an rDNS and I was off several of those dumb blocklists within the hour. One person who could not previously connect to me now can, so that was the issue for that user at least. They were using Mullvad VPN, so Mullvad blocks based on uceprotect or a similar blocklist.