Date: Sat, 24 Sep 2011 11:39:27 -0400
From: Jason Hellenthal <jhell@DataIX.net>
To: net@FreeBSD.org
Subject: Re: Last Address on Interface Receiving RST ACK.
Message-ID: <20110924153927.GA92152@DataIX.net>
In-Reply-To: <20110908052838.GA36011@DataIX.net>
References: <20110908052838.GA36011@DataIX.net>
Ignore this. I found the problem with this a little while back. Problem was that the address receiving the RST ACK on the same interface within the same subnet was also located within a DMZ which caused it to receive everything that was also bound for the /24.

On Thu, Sep 08, 2011 at 01:28:38AM -0400, Jason Hellenthal wrote:
> 
> Net,
> 
> With a default setup of dc0 on 8.2-STABLE r224908 I have noticed that
> when the interface is configured with more than one address that the
> last address configured receives RSTs & ACKs that were generated on the
> primary address.
> 
> The configuration is like such:
> 
> PF with no NAT or redirection.
> Default route: 192.168.1.1
> ipv4_addrs_dc0="192.168.1.2/24"
> 
> And then a jail brings up alias 192.168.1.100/32
> 
> I have mail pulling down to this system every 20 minutes and this is
> repeated every 20 minutes but not solely dependent to just this service
> or destination.
> 
> Rule 26: block drop in log quick proto tcp from !<trusted> port < 1024
> to any
> 
> Keep in mind the only way I caught this is because the jail is not
> generating any traffic and since there is no state for that address this
> rule kicks in to block what should not be received by that address.
> 
> Any help with this would be appreciated.
> 
> 00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
>     91.121.XXX.XXX.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
> 00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.X.443 > 192.168.1.100.58794: Flags [R.], cksum 0x0268 (correct), seq 3217610262, ack 840102530, win 0, length 0
> 00:57:49.465331 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49671, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.443 > 192.168.1.100.35474: Flags [R.], cksum 0x5c5e (correct), seq 3787279118, ack 1664887624, win 0, length 0
> 00:58:23.524232 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 54499, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XXX.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
> 00:58:49.586119 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 61912, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.443 > 192.168.1.100.64663: Flags [R.], cksum 0xf8db (correct), seq 1228724784, ack 2559832299, win 0, length 0
> 00:58:51.573874 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49850, offset 0, flags [none], proto TCP (6), length 40)
>     12.22.XX.XX.873 > 192.168.1.100.60330: Flags [R.], cksum 0xfcbd (correct), seq 1803075968, ack 944126062, win 0, length 0
> 00:59:05.594207 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 18167, offset 0, flags [none], proto TCP (6), length 40)
>     12.22.XX.XX.873 > 192.168.1.100.16970: Flags [R.], cksum 0x851b (correct), seq 1913818609, ack 3282631427, win 0, length 0
> 01:08:24.602213 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 19516, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.993 > 192.168.1.100.27724: Flags [R.], cksum 0xa62d (correct), seq 3861575754, ack 1373823783, win 0, length 0
> 
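As an added example (not part of the thread and not code from the poster), here is a small Python parser for the two-line pflog/tcpdump format quoted above. It groups blocked inbound segments by destination address and reports local addresses that only ever receive RST/ACK, which is exactly the symptom the jail alias showed: a passive address with no state of its own collecting resets that were replies to connections opened from the primary address. The sample input is the eight log entries from the message; the `looks_like_misrouted_reply` heuristic (service port below 1024 replying to an ephemeral port) is my own assumption, not something the thread states.

```python
"""Group pf 'block in' log entries by destination and spot stray resets.

Parses the two-line output of `tcpdump -v` on pflog0 (the format quoted in
the message above) and reports local addresses that only ever receive
RST/ACK segments. An alias that never opens connections should not be
receiving resets at all, so a steady stream of them is a sign that traffic
for some other address is being delivered to it (the DMZ case above).
"""
import re
from collections import defaultdict

# Constructed sample input: the eight log entries quoted in the message,
# with the masked (XXX) source addresses kept exactly as they appeared.
SAMPLE_LOG = """\
00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
    91.121.XXX.XXX.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.X.443 > 192.168.1.100.58794: Flags [R.], cksum 0x0268 (correct), seq 3217610262, ack 840102530, win 0, length 0
00:57:49.465331 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49671, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.443 > 192.168.1.100.35474: Flags [R.], cksum 0x5c5e (correct), seq 3787279118, ack 1664887624, win 0, length 0
00:58:23.524232 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 54499, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XXX.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
00:58:49.586119 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 61912, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.443 > 192.168.1.100.64663: Flags [R.], cksum 0xf8db (correct), seq 1228724784, ack 2559832299, win 0, length 0
00:58:51.573874 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49850, offset 0, flags [none], proto TCP (6), length 40)
    12.22.XX.XX.873 > 192.168.1.100.60330: Flags [R.], cksum 0xfcbd (correct), seq 1803075968, ack 944126062, win 0, length 0
00:59:05.594207 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 18167, offset 0, flags [none], proto TCP (6), length 40)
    12.22.XX.XX.873 > 192.168.1.100.16970: Flags [R.], cksum 0x851b (correct), seq 1913818609, ack 3282631427, win 0, length 0
01:08:24.602213 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 19516, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.993 > 192.168.1.100.27724: Flags [R.], cksum 0xa62d (correct), seq 3861575754, ack 1373823783, win 0, length 0
"""

# First line of each entry: pflog header (timestamp, rule, action, direction, interface).
HEADER_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\d+\(\w+\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+):"
)
# Second line: the TCP segment itself. The greedy \S+ backtracks to the last
# dot so that "91.121.XXX.XXX.443" splits into address and port.
PACKET_RE = re.compile(
    r"^\s*(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def parse_pflog(text):
    """Return one dict per logged packet, pairing each header with its segment line."""
    records = []
    header = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header = m.groupdict()
            continue
        m = PACKET_RE.match(line)
        if m and header is not None:
            rec = dict(header)
            rec.update(m.groupdict())
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
            records.append(rec)
            header = None  # one segment line per header
    return records


def rst_only_destinations(records):
    """Local addresses for which every blocked inbound segment carries RST."""
    by_dst = defaultdict(list)
    for r in records:
        if r["action"] == "block" and r["dir"] == "in":
            by_dst[r["dst"]].append(r)
    return sorted(dst for dst, recs in by_dst.items()
                  if all("R" in r["flags"] for r in recs))


def service_ports_seen(records, dst):
    """Sorted source ports of everything logged towards `dst`."""
    return sorted({r["sport"] for r in records if r["dst"] == dst})


def looks_like_misrouted_reply(rec):
    """Assumed heuristic: a reset from a service port (< 1024) to an ephemeral
    port has the shape of a server replying to a connection this address never
    opened, which is what a DMZ forwarding the whole /24 would deliver here."""
    return "R" in rec["flags"] and rec["sport"] < 1024 and rec["dport"] >= 1024


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_LOG)
    for dst in rst_only_destinations(recs):
        stray = [r for r in recs if r["dst"] == dst and looks_like_misrouted_reply(r)]
        print(f"{dst}: {len(stray)} stray RST/ACK from service ports "
              f"{service_ports_seen(recs, dst)}")
```

Run against a live box with `tcpdump -n -e -ttt -v -i pflog0 | python3 this_script.py` replaced by reading stdin, and the 443/993/873 source ports will tell you which services the primary address was talking to; if the alias never initiates anything, any hit here is worth checking against the upstream router's DMZ or port-forward settings rather than the host's own pf rules.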