Date:      Wed, 20 Sep 2006 02:06:04 -0700
From:      Ask Bjørn Hansen <ask@develooper.com>
To:        freebsd-pf@freebsd.org
Subject:   Re: bad ruleset - pf not keeping state for some bridged connections?
Message-ID:  <6A101730-00DA-4E6A-A6A3-006B8C89ED54@develooper.com>
In-Reply-To: <596996E2-D643-4D66-ADE3-36099FF2BDD6@develooper.com>
References:  <596996E2-D643-4D66-ADE3-36099FF2BDD6@develooper.com>


On Sep 6, 2006, at 20:17, Ask Bjørn Hansen wrote:

Sorry about replying to my own mail, I figured I should include a bit
more debug information.

This is from the Fedora box (64.81.32.148) (behind the freebsd/pf
bridge/firewall).  It looks like the Fedora box is closing the
connection after a couple of packets?   (The "F" flag is "FIN", right?)

08:48:23.879289 IP 67.15.155.11.32864 > 64.81.32.148.3309: S 3300493391:3300493391(0) win 5840 <mss 1460,sackOK,timestamp 4995579 0,nop,wscale 2>
08:48:23.879535 IP 64.81.32.148.3309 > 67.15.155.11.32864: S 516984971:516984971(0) ack 3300493392 win 5792 <mss 1460,sackOK,timestamp 7973585 4995579,nop,wscale 7>
08:48:23.918926 IP 67.15.155.11.32864 > 64.81.32.148.3309: . ack 1 win 1460 <nop,nop,timestamp 4995620 7973585>
08:48:23.925702 IP 64.81.32.148.3309 > 67.15.155.11.32864: P 1:71(70) ack 1 win 46 <nop,nop,timestamp 7973597 4995620>
08:48:23.965967 IP 67.15.155.11.32864 > 64.81.32.148.3309: . ack 71 win 1460 <nop,nop,timestamp 4995666 7973597>
08:48:28.931214 IP 64.81.32.148.3309 > 67.15.155.11.32864: F 71:71(0) ack 1 win 46 <nop,nop,timestamp 7974848 4995666>
08:48:29.175137 IP 64.81.32.148.3309 > 67.15.155.11.32864: F 71:71(0) ack 1 win 46 <nop,nop,timestamp 7974909 4995666>
08:48:29.214854 IP 67.15.155.11.32864 > 64.81.32.148.3309: . ack 72 win 1460 <nop,nop,timestamp 5000916 7974909,nop,nop,sack 1 {71:72}>
08:48:31.441388 IP 67.15.155.11.32864 > 64.81.32.148.3309: FP 1:66(65) ack 72 win 1460 <nop,nop,timestamp 5003143 7974909>
08:48:31.441625 IP 64.81.32.148.3309 > 67.15.155.11.32864: R 516985043:516985043(0) win 0


On the internal interface on the FreeBSD box I get line for line
*exactly* the same, except for the timestamps (no surprise).

On the external interface (the one facing the internet and the
connecting box) it was (not the same connection attempt, so the
timestamp is a few minutes off):

08:52:17.642804 IP 67.15.155.11.32877 > 64.81.32.148.3309: S 3564356178:3564356178(0) win 5840 <mss 1460,sackOK,timestamp 5229382 0,nop,wscale 2>
08:52:17.644035 IP 64.81.32.148.3309 > 67.15.155.11.32877: S 764788140:764788140(0) ack 3564356179 win 5792 <mss 1460,sackOK,timestamp 8032017 5229382,nop,wscale 7>
08:52:17.682937 IP 67.15.155.11.32877 > 64.81.32.148.3309: . ack 1 win 1460 <nop,nop,timestamp 5229422 8032017>
08:52:17.684160 IP 64.81.32.148.3309 > 67.15.155.11.32877: P 1:71(70) ack 1 win 46 <nop,nop,timestamp 8032027 5229422>
08:52:17.724350 IP 67.15.155.11.32877 > 64.81.32.148.3309: . ack 71 win 1460 <nop,nop,timestamp 5229463 8032027>
08:52:17.729743 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460 <nop,nop,timestamp 5229468 8032027>
08:52:17.968325 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460 <nop,nop,timestamp 5229708 8032027>
08:52:18.448706 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460 <nop,nop,timestamp 5230188 8032027>
08:52:19.408590 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460 <nop,nop,timestamp 5231148 8032027>
08:52:21.328413 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460 <nop,nop,timestamp 5233068 8032027>
08:52:22.690688 IP 64.81.32.148.3309 > 67.15.155.11.32877: F 71:71(0) ack 1 win 46 <nop,nop,timestamp 8033279 5229463>
08:52:22.729772 IP 67.15.155.11.32877 > 64.81.32.148.3309: F 66:66(0) ack 72 win 1460 <nop,nop,timestamp 5234470 8033279>
08:52:22.937111 IP 64.81.32.148.3309 > 67.15.155.11.32877: F 71:71(0) ack 1 win 46 <nop,nop,timestamp 8033340 5229463>
08:52:22.975678 IP 67.15.155.11.32877 > 64.81.32.148.3309: . ack 72 win 1460 <nop,nop,timestamp 5234716 8033340,nop,nop,sack 1 {71:72}>
08:52:25.167728 IP 67.15.155.11.32877 > 64.81.32.148.3309: FP 1:66(65) ack 72 win 1460 <nop,nop,timestamp 5236908 8033340>
08:52:25.168725 IP 64.81.32.148.3309 > 67.15.155.11.32877: R 764788212:764788212(0) win 0


Does this help anyone enough to be able to give me some hints?



  - ask

-- 
http://askask.com/  - http://develooper.com/
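
An added example, not part of the original message: a short Python script that counts payload-carrying segments in the two tcpdump captures above and reports those seen more often on the external interface than on the internal side. The sample lines are abridged from the post (TCP options and some packets dropped), the two captures are different connection attempts compared by relative sequence number, and all function and variable names are this example's own.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line: "time IP src > dst: flags seq:end(len) ..."
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): ([SFPR.]+) (\d+):(\d+)\((\d+)\)")
SERVER = "64.81.32.148.3309"

# Abridged from the captures in the post: TCP options and some packets dropped.
EXTERNAL = """
08:52:17.642804 IP 67.15.155.11.32877 > 64.81.32.148.3309: S 3564356178:3564356178(0) win 5840
08:52:17.684160 IP 64.81.32.148.3309 > 67.15.155.11.32877: P 1:71(70) ack 1 win 46
08:52:17.724350 IP 67.15.155.11.32877 > 64.81.32.148.3309: . ack 71 win 1460
08:52:17.729743 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460
08:52:17.968325 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460
08:52:18.448706 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460
08:52:19.408590 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460
08:52:21.328413 IP 67.15.155.11.32877 > 64.81.32.148.3309: P 1:66(65) ack 71 win 1460
08:52:22.690688 IP 64.81.32.148.3309 > 67.15.155.11.32877: F 71:71(0) ack 1 win 46
08:52:25.167728 IP 67.15.155.11.32877 > 64.81.32.148.3309: FP 1:66(65) ack 72 win 1460
"""
INTERNAL = """
08:48:23.925702 IP 64.81.32.148.3309 > 67.15.155.11.32864: P 1:71(70) ack 1 win 46
08:48:23.965967 IP 67.15.155.11.32864 > 64.81.32.148.3309: . ack 71 win 1460
08:48:28.931214 IP 64.81.32.148.3309 > 67.15.155.11.32864: F 71:71(0) ack 1 win 46
08:48:31.441388 IP 67.15.155.11.32864 > 64.81.32.148.3309: FP 1:66(65) ack 72 win 1460
"""

def data_segments(capture, server=SERVER):
    """Count payload-carrying segments as (direction, 'seq:end') -> copies seen."""
    seen = Counter()
    for line in capture.strip().splitlines():
        m = LINE.match(line)
        if not m or int(m.group(6)) == 0:
            continue  # pure ACK (no seq range) or zero-length SYN/FIN/RST
        direction = "from_server" if m.group(1) == server else "to_server"
        seen[(direction, f"{m.group(4)}:{m.group(5)}")] += 1
    return seen

def seen_more_often(tap_a, tap_b):
    """Segments that appear more times at tap_a than at tap_b, with the surplus."""
    a, b = data_segments(tap_a), data_segments(tap_b)
    return {seg: n - b[seg] for seg, n in a.items() if n > b[seg]}

if __name__ == "__main__":
    print(seen_more_often(EXTERNAL, INTERNAL))
```

On these abridged lines the script reports five surplus copies of the client's 1:66 segment on the external interface and none in the other direction.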




