Hi,

I am trying to reach an SFTP server behind my OpenBSD 4.6 firewall. Sometimes it works and sometimes it does not.

SRC IP: 10.100.106.58
DST IP: xxx.xxx.126.244
DST Port: 7400/tcp

If I try to connect, pflog shows me:

  Mar 16 20:36:39.570280 rule 201/(match) pass in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: S 3090744159:3090744159(0) win 5840 <mss 1460,sackOK,timestamp 4134057806[|tcp]> (DF)
  Mar 16 20:36:39.570292 rule 201/(match) pass out on em4: 10.100.106.58.35286 > xxx.xxx.126.244.7400: S 3090744159:3090744159(0) win 5840 <mss 1460,sackOK,timestamp 4134057806[|tcp]> (DF)
  Mar 16 20:37:14.677912 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 3090746972:3090747004(32) ack 3225125621 win 224 <nop,nop,timestamp 4134092914 1713395> (DF) [tos 0x8]
  Mar 16 20:37:14.916504 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 0:32(32) ack 1 win 224 <nop,nop,timestamp 4134093152 1713395> (DF) [tos 0x8]
  Mar 16 20:37:15.392461 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 0:32(32) ack 1 win 224 <nop,nop,timestamp 4134093628 1713395> (DF) [tos 0x8]

The first connection passed, but then it is blocked - why?

Affected rules:

  @201 pass log quick inet proto tcp from <tbl.r76.s:3> to <tbl.r41.d:4> port = 7400 flags S/SA keep state label "RULE 76 -- ACCEPT "
    [ Evaluations: 13948 Packets: 390 Bytes: 300416 States: 0 ]
    [ Inserted: uid 0 pid 4296 State Creations: 12 ]
  @244 block return-icmp(port-unr) log quick inet all label "deny_rest"
    [ Evaluations: 28108654 Packets: 28108654 Bytes: 15763202122 States: 0 ]
    [ Inserted: uid 0 pid 4296 State Creations: 0 ]

  table <tbl.r41.d> { xxx.xxx.126.246 , xxx.xxx.126.244 , xxx.xxx.105.194 , xxx.xxx.126.245 }
  table <tbl.r76.s> { 10.100.102.30 , 10.100.106.58 , 10.100.107.58 }

Thanks for any hint.

Regards,
Thomas
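An added example, not part of Thomas's post: a small Python script that parses pflog lines of the kind quoted above and, per TCP flow, reports inbound packets that were blocked after an earlier inbound packet of the same flow had been passed, together with the seconds elapsed in between. The sample lines are constructed from the post; the function names are my own.

```python
import re
from datetime import datetime

# Constructed sample: the pflog lines quoted in the post (the 'in' and 'out'
# copies of the passed SYN and the three blocked PSH/ACK packets that follow).
SAMPLE_LOG = """\
Mar 16 20:36:39.570280 rule 201/(match) pass in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: S 3090744159:3090744159(0) win 5840 <mss 1460,sackOK,timestamp 4134057806[|tcp]> (DF)
Mar 16 20:36:39.570292 rule 201/(match) pass out on em4: 10.100.106.58.35286 > xxx.xxx.126.244.7400: S 3090744159:3090744159(0) win 5840 <mss 1460,sackOK,timestamp 4134057806[|tcp]> (DF)
Mar 16 20:37:14.677912 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 3090746972:3090747004(32) ack 3225125621 win 224 <nop,nop,timestamp 4134092914 1713395> (DF) [tos 0x8]
Mar 16 20:37:14.916504 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 0:32(32) ack 1 win 224 <nop,nop,timestamp 4134093152 1713395> (DF) [tos 0x8]
Mar 16 20:37:15.392461 rule 244/(match) block in on em0: 10.100.106.58.35286 > xxx.xxx.126.244.7400: P 0:32(32) ack 1 win 224 <nop,nop,timestamp 4134093628 1713395> (DF) [tos 0x8]
"""

# tcpdump-style pflog line: timestamp, matched rule, action, direction, interface,
# src.port > dst.port, then the TCP flags field.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\(match\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>\S+)"
)

def parse_pflog(text):
    """Return one dict per parsed line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%b %d %H:%M:%S.%f")  # year-less syslog stamp
        events.append(e)
    return events

def blocked_after_pass(events):
    """Inbound packets blocked although an earlier inbound packet of the same
    flow was passed: (flow, pass_rule, block_rule, flags, seconds_since_pass)."""
    last_pass = {}
    findings = []
    for e in events:
        if e["dir"] != "in":
            continue
        flow = (e["src"], e["sport"], e["dst"], e["dport"])
        if e["action"] == "pass":
            last_pass[flow] = e
        elif flow in last_pass:
            gap = (e["ts"] - last_pass[flow]["ts"]).total_seconds()
            findings.append((flow, last_pass[flow]["rule"], e["rule"], e["flags"], round(gap, 3)))
    return findings

if __name__ == "__main__":
    for f in blocked_after_pass(parse_pflog(SAMPLE_LOG)):
        print(f)
```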