Date: Tue, 15 Jan 2008 20:58:50 -0200
From: "Alexandre Biancalana" <biancalana@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: carpdev ...
Message-ID: <8e10486b0801151458j2a3e104am6c30619ddfb08974@mail.gmail.com>
In-Reply-To: <8e10486b0801131404ne3c2339o3493a938046f2018@mail.gmail.com>
References: <200710272311.09059.max@love2party.net>
 <8e10486b0801090741k605d7183gfb8bbdfa55fce331@mail.gmail.com>
 <200801110408.22724.max@love2party.net>
 <8e10486b0801102018h4f417a4ex900bdaeb078bd29e@mail.gmail.com>
 <fee88ee40801110132n77b46018i5f44da40e16a33d6@mail.gmail.com>
 <8e10486b0801110252w452f3e4asf438beb6297eb1f@mail.gmail.com>
 <d5992baf0801110844o22ba2d3ds8db2a31881df1e6e@mail.gmail.com>
 <8e10486b0801110949u1593e427wc24493b98d0003d2@mail.gmail.com>
 <d5992baf0801111005s43a76cfem430644928c897e3e@mail.gmail.com>
 <8e10486b0801131404ne3c2339o3493a938046f2018@mail.gmail.com>

On 1/13/08, Alexandre Biancalana <biancalana@gmail.com> wrote:
> On 1/11/08, Scott Ullrich <sullrich@gmail.com> wrote:
> > Thank you. Do you see the states on the backup machine when it is in the
> > backup status mode?
> >
> > pfctl -ss
> >
> > You should see a similar output on the backup machine as the primary.
>
> Yes, the output is the same...
>

I found another problem. I think this could be related to the patch,
because this did not happen before...

On these firewalls I have only one real IP address on each link, so I
have to redirect some ports to internal servers. All services are
working (http, smtp, pop3, imap) but ftp does not work: when you try to
connect, the connection is lost.

Look at this:

tcpdump -nettti pflog0 port 21
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
3. 198670 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
3. 235008 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
6. 195725 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]

Then I tried to remove the block rule, and the output changes to:

000000 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
3. 198670 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
3. 235008 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]
6. 195725 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20]

Any ideas?