Date:      Thu, 8 Sep 2011 01:28:38 -0400
From:      Jason Hellenthal <jhell@DataIX.net>
To:        net@FreeBSD.org
Subject:   Last Address on Interface Receiving RST ACK.
Message-ID:  <20110908052838.GA36011@DataIX.net>


Net,

With a default setup of dc0 on 8.2-STABLE r224908 I have noticed that
when the interface is configured with more than one address, the
last address configured receives RSTs & ACKs that were generated on the
primary address.

The configuration is like such:

PF with no NAT or redirection.
Default route: 192.168.1.1
ipv4_addrs_dc0="192.168.1.2/24"

And then a jail brings up alias 192.168.1.100/32

I have mail pulling down to this system every 20 minutes and this is
repeated every 20 minutes but not solely dependent on just this service
or destination.

Rule 26: block drop in log quick proto tcp from !<trusted> port < 1024
to any

Keep in mind the only way I caught this is because the jail is not
generating any traffic and since there is no state for that address this
rule kicks in to block what should not be received by that address.

Any help with this would be appreciated.

00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
    91.121.XXX.XXX.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.X.443 > 192.168.1.100.58794: Flags [R.], cksum 0x0268 (correct), seq 3217610262, ack 840102530, win 0, length 0
00:57:49.465331 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49671, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.443 > 192.168.1.100.35474: Flags [R.], cksum 0x5c5e (correct), seq 3787279118, ack 1664887624, win 0, length 0
00:58:23.524232 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 54499, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XXX.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
00:58:49.586119 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 61912, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.443 > 192.168.1.100.64663: Flags [R.], cksum 0xf8db (correct), seq 1228724784, ack 2559832299, win 0, length 0
00:58:51.573874 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49850, offset 0, flags [none], proto TCP (6), length 40)
    12.22.XX.XX.873 > 192.168.1.100.60330: Flags [R.], cksum 0xfcbd (correct), seq 1803075968, ack 944126062, win 0, length 0
00:59:05.594207 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 18167, offset 0, flags [none], proto TCP (6), length 40)
    12.22.XX.XX.873 > 192.168.1.100.16970: Flags [R.], cksum 0x851b (correct), seq 1913818609, ack 3282631427, win 0, length 0
01:08:24.602213 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 19516, offset 0, flags [none], proto TCP (6), length 40)
    74.125.XXX.XX.993 > 192.168.1.100.27724: Flags [R.], cksum 0xa62d (correct), seq 3861575754, ack 1373823783, win 0, length 0



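A small checker for pflog output of the kind shown above, added here as an example and not part of the original message. It parses the two-line tcpdump-style records (pf header line, then the packet line), keeps the fields a reader needs, and lists blocked inbound RST segments addressed to an alias that never opened a connection, which is exactly the symptom the post describes. The sample log is constructed in the same layout as the post, with RFC 5737 documentation addresses in place of the masked sources; the alias address 192.168.1.100, the primary 192.168.1.2 and rule number 26 are taken from the post. Function names and the record layout are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the two-line pflog layout shown in the post
# (tcpdump -n -e -v on pflog0 is assumed to be the source of such lines).
# Source addresses are RFC 5737 documentation ranges, not the masked originals.
SAMPLE_LOG = """\
00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.10.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
    198.51.100.7.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
00:57:10.000001 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49850, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.10.443 > 192.168.1.2.40000: Flags [R.], cksum 0xfcbd (correct), seq 1803075968, ack 944126062, win 0, length 0
00:57:20.000002 rule 26/0(match): block in on dc0: (tos 0x0, ttl 51, id 19516, offset 0, flags [none], proto TCP (6), length 60)
    198.51.100.9.22 > 192.168.1.100.44321: Flags [S], cksum 0x1234 (correct), seq 1, win 65535, options [mss 1460], length 0
00:58:49.586119 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 61912, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.10.443 > 192.168.1.100.64663: Flags [R.], cksum 0xf8db (correct), seq 1228724784, ack 2559832299, win 0, length 0
"""

# First line of a record: timestamp, rule, action, direction, interface, IP header summary.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) rule (?P<rule>\d+)/\d+\(\w+\): "
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<ifname>\w+): \((?P<ipinfo>.*)\)$"
)
# Second (indented) line: endpoints as ip.port and the TCP flags in brackets.
PACKET_RE = re.compile(
    r"^\s+(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)
TTL_RE = re.compile(r"\bttl (\d+)\b")


@dataclass
class PflogRecord:
    ts: str
    rule: int
    action: str
    direction: str
    ifname: str
    ttl: Optional[int]
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_pflog(text: str) -> List[PflogRecord]:
    """Pair each header line with the indented packet line that follows it."""
    records: List[PflogRecord] = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    i = 0
    while i + 1 < len(lines):
        h = HEADER_RE.match(lines[i])
        p = PACKET_RE.match(lines[i + 1])
        if not (h and p):
            i += 1  # not a header/packet pair; resynchronise on the next line
            continue
        ttl = TTL_RE.search(h["ipinfo"])
        records.append(PflogRecord(
            ts=h["ts"], rule=int(h["rule"]), action=h["action"],
            direction=h["direction"], ifname=h["ifname"],
            ttl=int(ttl.group(1)) if ttl else None,
            src=p["src"], sport=int(p["sport"]),
            dst=p["dst"], dport=int(p["dport"]), flags=p["flags"],
        ))
        i += 2
    return records


def misdirected_resets(records: List[PflogRecord], alias: str) -> List[PflogRecord]:
    """Inbound RST segments aimed at an alias that never sent anything.

    A peer only sends RST in reply to a segment it received, so a reset
    arriving at an address with no outbound traffic is a reply that
    belonged to some other local address (the primary, in the post)."""
    return [r for r in records
            if r.direction == "in" and r.dst == alias and "R" in r.flags]


def resets_by_source(records: List[PflogRecord]) -> Dict[str, int]:
    """Count hits per remote endpoint so the affected services stand out."""
    counts: Dict[str, int] = {}
    for r in records:
        key = f"{r.src}:{r.sport}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    hits = misdirected_resets(parse_pflog(SAMPLE_LOG), "192.168.1.100")
    for r in hits:
        print(f"{r.ts} rule {r.rule}: {r.src}:{r.sport} -> {r.dst}:{r.dport} [{r.flags}] ttl={r.ttl}")
    print(resets_by_source(hits))
```

The reset to the primary address 192.168.1.2 and the plain SYN to the alias are deliberately left out of the result: only resets to the quiet alias are evidence of the misdirection the post reports. The TTL of 254 on every blocked reset is also worth keeping in the record, since it is the same value on each hit and is the kind of detail a reply on the list would ask about.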