Hi,
I'm not able to find a solution to this problem:
I've got some devices on the WAN net that need to open telnet connections to a
telnet server on the LAN net. (OK, don't tell me anything about incoming
telnet from WAN. At the moment I need to go on this way... )
LAN is bridged with WAN.
I've set up the FW rules and everything works fine.
But...
It often happens that the devices need to be reset while a telnet
connection is established. In this case, when the device "reboots" I have to
wait many minutes to establish a telnet connection.
Looking at the FW state logs, I see that every "regular" telnet connection is
coming from port x of the device, where x is the same every time.
Every time the device reboots, the new connection, established only after
waiting many minutes, comes from port x+1. On the FWStates log, I see that the
old state is still active.
If I delete the FW states table before rebooting the device, the new
connection after reboot is established immediately.
Furthermore, if I connect the device directly to the LAN switch (excluding
PFSense filtering), I can reboot the device and have the new connection
immediately.
I have not been able to analyze the network traffic, but I suppose that the
device tries every time to establish the telnet connection from port x and
this is happening:
1. A connection is established
2. PFSense keeps an active state DEV:x ==> SRV:23
3. Device reboots
4. Device tries to establish a new connection (Syn from DEV:x to SRV:23)
5. PFSense knows from its states table that a connection DEV:x ==> SRV:23 is
already established and drops the new DEV:x ==> SRV:23 Syn packet
6. After some minutes the device reaches the time-out and tries a new
connection from port x+1. This new connection works fine.
I've been trying to solve the problem by configuring PFSense:
1. inserting a new pass rule SRV:23 ==> DEV:(x...x+5)
2. not to keep (Firewall: Rules: Edit: State Type: (Advanced) None) the state
for the "pass" rules
DEV:(x...x+5) ==> SRV:23
SRV:23 ==> DEV:(x...x+5)
It doesn't work, even after rebooting PFSense. Furthermore, I can see the
state in the States table. So I suppose that the advanced option "State type:
none" doesn't work.
I also tried to set a state timeout to 10 seconds. The same effect: I can see
the connection state on the active state table for a long time.
Any suggestion-info-idea?
Thanks in advance to everybody
Odette