Hi all,


I have a big problem with an Endian Firewall 2.0 and hope somebody can help
me:


I have set up an ipsec-connection through which a host on my green network
connects to an application on a host in the remote network.

From time to time it happens that my host sends a SYN packet to the remote
host and the following ACK SYN from the remote host gets blocked by the
firewall.

So the connection never establishes for about 12 hours.

Then suddenly the packets go through again and the connection establishes.

This didn't happen for some months; now it has happened two times in one week.

I have no idea why; might this be a bug?

As this is a quite important system, I would be really pleased to get an answer.

Below are some excerpts from the firewall log; I replaced the IP addresses with
X's and Y's.

First time it happened:

Jan 23 02:36:18 vpngate ulogd[1013]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=40 TOS=00 PREC=0x00 TTL=53 ID=46247 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=960254609 ACK=1249158317 WINDOW=65535 ACK FIN URGP=0

And the last ones:

Jan 23 14:39:52 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=19873 PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170023 ACK=2702542937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:44:09 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=22647 PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170023 ACK=2702542937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:14 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=40 TOS=00 PREC=0x00 TTL=53 ID=41042 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170024 ACK=2702542937 WINDOW=65535 ACK RST URGP=0

Jan 23 14:45:15 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=43010 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:18 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=46498 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:24 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=53885 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:27 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=57769 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:39 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=6691 PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0

Jan 23 14:45:51 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=XXX.XXX.XXX.XXX DST=YYY.YYY.YYY.YYY LEN=44 TOS=00 PREC=0x00 TTL=53 ID=22652 PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0


Thank you in advance,

Thomas
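The excerpts above show the same SYN-ACK (identical SEQ and ACK numbers) being logged over and over a few seconds apart, which is the retransmission pattern of a server whose handshake reply never reaches the client. The following Python script is an added triage helper, not code from the post or from the Endian project: it parses netfilter/ulogd LOG lines of the format shown above and reports SYN-ACKs that were logged repeatedly for the same flow. The sample lines are constructed with RFC 5737 documentation addresses and invented IDs and sequence numbers; the log prefix being a single word like `FORWARD` is an assumption of the line regex.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the ulogd/netfilter LOG format of the post's excerpts.
# 203.0.113.10 and 192.0.2.20 are RFC 5737 documentation addresses; IDs and
# sequence numbers are invented. Flow A: two SYN-ACKs then a RST; flow B: four
# copies of one SYN-ACK; the last line is an unrelated flow logged once.
SAMPLE_LOG = """\
Jan 23 14:39:52 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=19873 PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170023 ACK=2702542937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:44:09 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=22647 PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170023 ACK=2702542937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:45:14 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=41042 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4075170024 ACK=2702542937 WINDOW=65535 ACK RST URGP=0
Jan 23 14:45:15 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=43010 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:45:18 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=46498 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:45:24 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=53885 CE PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:45:39 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=6691 PROTO=TCP SPT=2693 DPT=1024 SEQ=4223778023 ACK=2780878937 WINDOW=65535 ACK SYN URGP=0
Jan 23 14:46:02 vpngate ulogd[1015]:  FORWARD  IN=ipsec0 OUT=br0 MAC=00:09:6b:be:38:93:00:04:23:33:6d:74:08:00 SRC=203.0.113.10 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=60110 PROTO=TCP SPT=443 DPT=52001 SEQ=1111111111 ACK=2222222222 WINDOW=65535 ACK SYN URGP=0
"""

# Syslog timestamp, host, program, then the LOG prefix ("FORWARD" here, an
# assumption) followed by the key=value / bare-token part of the netfilter line.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\S+): +"
    r"(?P<chain>\S+) +(?P<rest>.*)$"
)
# Bare tokens the netfilter LOG target prints without a "=": TCP flags and IP
# header flags (CE = reserved fragment-offset bit, DF = don't fragment, MF = more fragments).
TCP_FLAG_TOKENS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
IP_FLAG_TOKENS = {"CE", "DF", "MF"}


def parse_line(line):
    """Split one ulogd/netfilter LOG line into a timestamp, the key=value
    fields and the sets of bare TCP and IP flag tokens. Returns None for
    lines that are not in this format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields, tcp_flags, ip_flags = {}, set(), []
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAG_TOKENS:
            tcp_flags.add(tok)
        elif tok in IP_FLAG_TOKENS:
            ip_flags.append(tok)
    # Syslog timestamps carry no year; only differences within one day are used.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "host": m.group("host"), "chain": m.group("chain"),
            "fields": fields, "tcp_flags": tcp_flags, "ip_flags": ip_flags}


def find_stalled_handshakes(lines, min_repeats=3):
    """Group logged SYN-ACKs by (server, client, SEQ, ACK). A server retransmits
    a SYN-ACK with unchanged SEQ/ACK until it gives up, so several logged copies
    of one SYN-ACK mean the reply is not getting through to the client."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["fields"].get("PROTO") != "TCP":
            continue
        if rec["tcp_flags"] != {"SYN", "ACK"}:
            continue
        f = rec["fields"]
        key = (f["SRC"], f["SPT"], f["DST"], f["DPT"], f["SEQ"], f["ACK"])
        groups[key].append(rec["ts"])
    findings = []
    for key, stamps in groups.items():
        if len(stamps) < min_repeats:
            continue
        stamps.sort()
        findings.append({
            "server": f"{key[0]}:{key[1]}", "client": f"{key[2]}:{key[3]}",
            "seq": key[4], "ack": key[5], "copies": len(stamps),
            "span_seconds": int((stamps[-1] - stamps[0]).total_seconds()),
        })
    findings.sort(key=lambda r: -r["copies"])
    return findings


if __name__ == "__main__":
    for r in find_stalled_handshakes(SAMPLE_LOG.splitlines(), min_repeats=2):
        print(f"{r['server']} -> {r['client']}: SYN-ACK SEQ={r['seq']} logged "
              f"{r['copies']} times over {r['span_seconds']} s")
```

Run it against a copy of the firewall log instead of SAMPLE_LOG to get the list of flows whose SYN-ACKs are being logged again and again; a flow that shows up here with the server on the IPsec side and the client on green is the symptom described in the mail, and the matching entries are what to compare against the firewall's connection tracking state at that time.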

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
