Hello,

my imaps links sometimes get stuck and performance suffers.
Also I see "loose state match" messages like this one:
---------------------------------------------------------------------
pf: loose state match: TCP 84.107.12.60:55190 84.107.12.60:55190 62.27.38.63:25 \
[lo=2706638753 high=2706644544 win=65535 modulator=0 wscale=0] \
[lo=3686937598 high=3687003104 win=5792 modulator=0 wscale=0] \
10:10 R seq=2706638753 ack=3686937598 len=0 ackskew=0 pkts=8:8
---------------------------------------------------------------------

I have 2 pfsync'ed firewalls with a policy based setup as described here
        http://www.openbsd.org/faq/pf/tagging.html
Packets enter like
pass in on $green_if inet proto tcp from <intra_nets> to <bastion_mail_hosts> \
                port { smtp, imaps } tag GREEN_DMZ $tcp_options
and exit like
        pass out quick on $dmz_if   tagged GREEN_DMZ keep state

Looking at pftop, I see inbound and outbound connections. Usually packet and
byte counts match in both directions, but sometimes they don't, like:
---------------------------------------------------------------------
              PKTS   BYTES
        in      72    9489
        out     75    9617
---------------------------------------------------------------------
and later:
---------------------------------------------------------------------
        in      90   11731
        out     93   11859
---------------------------------------------------------------------
All other fields match and look like:
---------------------------------------------------------------------
tcp     In  192.176.179.161:49320    84.107.12.60:993 \
        ESTABLISHED:ESTABLISHED  00:13:47  23:55:17   \
        72    9489       0     421      11   70
---------------------------------------------------------------------
What am I doing wrong?
Where could I dig further?

This is 4.0.

Axel
---------------------------------------------------------------------
Axel Rau, ☀Frankfurt , Germany                       +49 69 9514 18 0

