Given the following network setup:
Debian bullseye host (Proxmox VE) -> OPNsense firewall doing NAT -> DSL modem (connected via PPPoE) -> Internet
The host isn't able to establish a TCP connection to any host on the internet. I tried to reach different hosts, including a server where I am able to capture traffic.
I captured some traffic using port mirroring of the DSL modem switch port ensuring I really see traffic passing the line to the internet.
Traffic from another Debian machine in the network using the same topology looks fine.
On both machines I executed curl -4 http://ftp.de.debian.org/debian and curl -4 http://www.google.de and compared the TCP SYN packets.
They look the same to me, differing only in
- IP identification header and therefore IP header checksum
- TCP source port
- TCP sequence number
- TCP checksum
- TCP timestamp value
These differences are expected.
Following is a screenshot capturing traffic at the DSL modem port. The capture contains traffic from the working host up until packet 308. Traffic from packet 309 onwards is from the broken host.
I filtered on packets having the SYN flag set, as only these packets are relevant.
As mentioned above, I also took a traffic capture from the server side. It looks exactly the same as visible in the screenshots (packets 309, 310, 320, ...).
Additional info:
- TCP traffic within the LAN (e.g. SSH to another host) works as intended.
- UDP traffic to the internet (e.g. NTP traffic) is fine.
- ICMP traffic to the internet is fine, too.
What could cause the internet hosts not to answer the SYN packets with SYN-ACK?
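The question compares the SYN packets of the working and the broken host by eye and lists the header fields that are expected to differ between two independent connections. As an added example that is not part of the original question or of any answer to it, the script below does that comparison mechanically: it parses the IPv4 header, the TCP header and the TCP options of two captured SYNs and reports every differing field, separating the expected differences the asker listed (IP id and checksum, source port, sequence number, TCP checksum, timestamp values) from everything else, so that a subtle difference such as ECN bits in the TCP flags, the TTL, the DF bit, the MSS or the option order is not overlooked. The two packets it compares are constructed here for the demonstration (addresses from the documentation ranges, arbitrary ports and sequence numbers) and are not the asker's captures; the differences they show are chosen only so the script has something to flag.

```python
"""Diff two IPv4/TCP SYN packets and separate expected from unexpected differences.

Added example; the packets below are constructed, not taken from the question.
"""
import struct

# Fields that legitimately differ between two unrelated SYNs (as listed in the question).
EXPECTED_DIFFERENCES = {
    "ip.id", "ip.checksum", "tcp.sport", "tcp.seq", "tcp.checksum", "tcp.opt.timestamp",
}
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sack_permitted", 8: "timestamp"}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_tcp_options(raw: bytes) -> dict:
    """Decode TCP options into 'tcp.opt.<name>' entries; also record their order,
    which differs between operating systems and is worth comparing."""
    opts, order, i = {}, [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP padding
            order.append("nop")
            i += 1
            continue
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("malformed TCP option")
        value = raw[i + 2:i + length]
        name = OPTION_NAMES.get(kind, f"kind{kind}")
        order.append(name)
        if kind == 2:
            opts["tcp.opt.mss"] = struct.unpack("!H", value)[0]
        elif kind == 3:
            opts["tcp.opt.wscale"] = value[0]
        elif kind == 4:
            opts["tcp.opt.sack_permitted"] = True
        elif kind == 8:
            opts["tcp.opt.timestamp"] = struct.unpack("!II", value)  # (TSval, TSecr)
        else:
            opts[f"tcp.opt.{name}"] = value.hex()
        i += length
    opts["tcp.opt.order"] = ",".join(order)
    return opts


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Flatten the IPv4 and TCP headers of one packet into a {field: value} dict."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    tos, total_len, ident, frag, ttl, proto, csum = struct.unpack("!BHHHBBH", pkt[1:12])
    if proto != 6:
        raise ValueError("not TCP")
    fields = {
        "ip.dscp_ecn": tos, "ip.total_length": total_len, "ip.id": ident,
        "ip.flags_df": bool(frag & 0x4000), "ip.ttl": ttl, "ip.checksum": csum,
        "ip.src": ".".join(map(str, pkt[12:16])), "ip.dst": ".".join(map(str, pkt[16:20])),
    }
    tcp = pkt[ihl:]
    sport, dport, seq, ack, off_flags, win, tcsum, urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    fields.update({
        "tcp.sport": sport, "tcp.dport": dport, "tcp.seq": seq, "tcp.ack": ack,
        "tcp.flags": off_flags & 0x01FF,   # 9 flag bits, including NS/ECE/CWR
        "tcp.window": win, "tcp.checksum": tcsum, "tcp.urgent": urg,
    })
    fields.update(parse_tcp_options(tcp[20:data_off]))
    return fields


def diff_syn(a: bytes, b: bytes) -> dict:
    """Return {'expected': {...}, 'unexpected': {...}} of differing fields as (a, b) pairs."""
    fa, fb = parse_ipv4_tcp(a), parse_ipv4_tcp(b)
    result = {"expected": {}, "unexpected": {}}
    for key in sorted(set(fa) | set(fb)):
        if fa.get(key) != fb.get(key):
            bucket = "expected" if key in EXPECTED_DIFFERENCES else "unexpected"
            result[bucket][key] = (fa.get(key), fb.get(key))
    return result


def build_syn(src, dst, sport, ident, seq, ttl, ts_val, ecn=False) -> bytes:
    """Construct a SYN to port 80 with a Linux-style option layout (demo input only)."""
    opts = (struct.pack("!BBH", 2, 4, 1460) + struct.pack("!BB", 4, 2)
            + struct.pack("!BBII", 8, 10, ts_val, 0) + b"\x01" + struct.pack("!BBB", 3, 3, 7))
    flags = 0x02 | (0xC0 if ecn else 0)          # SYN, plus ECE|CWR when negotiating ECN
    tcp = struct.pack("!HHIIHHHH", sport, 80, seq, 0, (10 << 12) | flags, 64240, 0, 0) + opts
    src_b, dst_b = (bytes(map(int, ip.split("."))) for ip in (src, dst))
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ident, 0x4000, ttl, 6, 0, src_b, dst_b)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp


# Constructed sample SYNs: same source/destination, "broken" one sets ECN bits and has TTL 63.
WORKING = build_syn("203.0.113.10", "198.51.100.5", sport=40000, ident=0x1234, seq=1000, ttl=64, ts_val=111)
BROKEN = build_syn("203.0.113.10", "198.51.100.5", sport=40001, ident=0x5678, seq=2000, ttl=63, ts_val=222, ecn=True)

if __name__ == "__main__":
    for bucket, diffs in diff_syn(WORKING, BROKEN).items():
        print(f"{bucket} differences:")
        for key, (va, vb) in diffs.items():
            print(f"  {key}: {va!r} -> {vb!r}")
```

To apply it to real captures, replace the two constructed packets with the IPv4 payload bytes of one SYN from each host (for example exported from Wireshark as raw hex, with the Ethernet header stripped); anything the script lists under "unexpected" is a concrete difference to investigate, while an empty "unexpected" list means the two SYNs really are equivalent on the wire and the cause lies elsewhere.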