From: Sergey Klusov
Date: Thu, 30 Jan 2003 10:25:35 +0500
To: freebsd-ipfw@FreeBSD.ORG
Subject: ipfw2

Hello,

I've got a problem with ipfw2. Here is my config:

    ipfw add 50 divert natd all from any to any via ${extif}
    ipfw add 100 check-state
    ipfw add 200 deny log tcp from any to any established
    ipfw add 300 permit tcp from any to any setup

Almost always there is a logged message like this WHEN the connection terminates. Everything works fine, but the log is full of this:

    Jan 10 12:04:24 tower /kernel: ipfw: 200 Deny TCP 217.66.99.188:80 193.111.x.x:1147 in via rl1

I've tried to intercept these packets with tcpdump and figured out that the logged packets are TCP packets with the FIN flag. And it seems that many hosts send multiple FIN packets, which causes the dynamic rule to be removed on the first FIN packet and then the message above to be logged for all subsequent packets.

Also I must note that it is not diverted packets that are logged, because we use squid, which is on the same host. So I doubt that this is a NAT issue. Any ideas?

-- 
Best regards,
Sergey Klusov
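
Added example, not part of the original message: a small log triage script that parses ipfw kernel log lines in the format quoted above and reports flows that rule 200 denied several times in quick succession, the pattern the message attributes to repeated FIN packets. The sample lines, the 10-second window and the year used for parsing are assumptions; the log format carries no TCP flags, so confirming that the denied packets are FINs still needs a packet capture.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the kernel log format quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
Jan 10 12:04:24 tower /kernel: ipfw: 200 Deny TCP 192.0.2.10:80 198.51.100.7:1147 in via rl1
Jan 10 12:04:25 tower /kernel: ipfw: 200 Deny TCP 192.0.2.10:80 198.51.100.7:1147 in via rl1
Jan 10 12:04:27 tower /kernel: ipfw: 200 Deny TCP 192.0.2.10:80 198.51.100.7:1147 in via rl1
Jan 10 12:09:02 tower /kernel: ipfw: 200 Deny TCP 192.0.2.44:80 198.51.100.7:1203 in via rl1
Jan 10 12:09:40 tower /kernel: ipfw: 65000 Deny UDP 192.0.2.99:53 198.51.100.7:1024 in via rl1
"""

def parse(log_text, year=2003):
    """Yield (timestamp, rule, flow); syslog omits the year, so it is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip unrelated syslog lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, int(m["rule"]), (m["proto"], m["src"], m["dst"], m["iface"])

def deny_bursts(log_text, rule=200, window=timedelta(seconds=10)):
    """Return {flow: longest run} for flows `rule` denied repeatedly,
    each deny following the previous one within `window`."""
    by_flow = defaultdict(list)
    for ts, r, flow in parse(log_text):
        if r == rule:
            by_flow[flow].append(ts)
    bursts = {}
    for flow, stamps in by_flow.items():
        stamps.sort()
        run = best = 1
        for prev, cur in zip(stamps, stamps[1:]):
            run = run + 1 if cur - prev <= window else 1
            best = max(best, run)
        if best > 1:
            bursts[flow] = best
    return bursts

if __name__ == "__main__":
    for flow, n in deny_bursts(SAMPLE_LOG).items():
        print(n, *flow)
```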