Have to add something to it:

Quoting Peter Allgeyer <[EMAIL PROTECTED]>:

> following problem:
>
> pfSense:    R1 Router/FW between LAN L1 and Internet
> LAN Router: R2 Router/FW between LAN L1 and LAN L2
>
> pfSense is default gw for all hosts in local LAN L1. pfSense has a
> static routing to an internal Router R2 for a private LAN L2. SSH to a
> host in the private LAN L2 from Linux in local LAN L1 is ok. SSH to a
> host in the private LAN L2 from Windows is ok for only a few seconds,
> after that, the connection hangs. Tcpdump on R1 further shows packets
> going to the host in L2, but nothing comes back. R2 has a packet
> filter, so maybe there's a problem. Ok, so far so bad.
This is the output of the logfile on pfSense:

Jul 10 14:44:05 pf02 pf: 283479 rule 622/0(match): pass in on bge0: (tos 0x0, ttl 64, id 2159, offset 0, flags [DF], proto: TCP (6), length: 60) 172.16.13.11.39326 > 192.168.40.20.22: S 946074295:946074295(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>
Jul 10 14:44:34 pf02 pf: 477533 rule 1224/0(match): block in on bge0: (tos 0x10, ttl 64, id 43958, offset 0, flags [DF], proto: TCP (6), length: 64) 172.16.13.11.53968 > 192.168.40.20.22: . ack 1 win 9860 <nop,nop,timestamp 127604616[|tcp]>
Jul 10 14:44:37 pf02 pf: 936222 rule 1224/0(match): block in on bge0: (tos 0x10, ttl 64, id 2277, offset 0, flags [DF], proto: TCP (6), length: 52) 172.16.13.11.39326 > 192.168.40.20.22: . ack 2819347952 win 5268 <nop,nop,timestamp 127605343[|tcp]>

and so on ...

Rule 622:

@622 pass in log quick on bge0 inet proto tcp from 172.16.0.0/16 port >= 1024 to 192.168.0.0/16 port = ssh flags S/SA keep state

It seems that pfSense allows the initial SYN, can't see the SYN/ACK (because of asymmetric routing) and then allows the ACK. After a while, it decides to block the traffic. BUT WHY?

BR,
PIT

---------------------------------------------------------------------------
copyleft(c) by          |  _-_   "sic transit discus mundi" (From the System
Peter Allgeyer          | 0(o_o)0  Administrator's Guide, by Lars Wirzenius)
---------------oOO--(_)--OOo-----------------------------------------------
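The log excerpt above is the kind of thing worth triaging mechanically when a firewall sits on only one leg of a path. The following Python is an added example, not part of Peter's post and not pfSense or pf code: it parses pf's syslog output in the tcpdump-style format shown, groups packets by 5-tuple, and reports flows whose SYN was passed by a `keep state` rule while later ACK-only segments of the same flow were blocked by another rule, together with how long the flow survived before the first block. The three log lines from the post are embedded as the sample input; the regular expression, the function names and the verdict labels are this example's own choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three pf log lines from the post above, embedded here as the sample input.
SAMPLE_LOG = """\
Jul 10 14:44:05 pf02 pf: 283479 rule 622/0(match): pass in on bge0: (tos 0x0, ttl 64, id 2159, offset 0, flags [DF], proto: TCP (6), length: 60) 172.16.13.11.39326 > 192.168.40.20.22: S 946074295:946074295(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>
Jul 10 14:44:34 pf02 pf: 477533 rule 1224/0(match): block in on bge0: (tos 0x10, ttl 64, id 43958, offset 0, flags [DF], proto: TCP (6), length: 64) 172.16.13.11.53968 > 192.168.40.20.22: . ack 1 win 9860 <nop,nop,timestamp 127604616[|tcp]>
Jul 10 14:44:37 pf02 pf: 936222 rule 1224/0(match): block in on bge0: (tos 0x10, ttl 64, id 2277, offset 0, flags [DF], proto: TCP (6), length: 52) 172.16.13.11.39326 > 192.168.40.20.22: . ack 2819347952 win 5268 <nop,nop,timestamp 127605343[|tcp]>
"""

# Matches the syslog prefix, pf's "rule N/M(match): action dir on ifc" fields and
# tcpdump's "src.sport > dst.dport: FLAGS" header for TCP entries. Non-TCP lines
# (or lines in another format) simply do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \S+ pf: \d+ "
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<ifc>\w+): .*?proto: TCP \(6\), length: \d+\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRPUEW.]+)"
)


def parse_pf_log(text):
    """Return one dict per TCP log line; lines that do not match are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # syslog timestamps carry no year; deltas within one capture are still valid.
        rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
        records.append(rec)
    return records


def classify_flows(records):
    """Group packets by 5-tuple and give each flow a verdict:
    - syn_passed_then_midstream_blocked: the SYN was passed (state created) but a
      later non-SYN segment of the same flow hit a block rule, i.e. the state no
      longer matched it; also reports seconds from SYN to first block.
    - midstream_blocked_no_syn_seen: only blocked non-SYN segments were logged
      (the SYN fell outside the excerpt, as for the 53968 flow above).
    - no_midstream_block: nothing suspicious."""
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["sport"], r["dst"], r["dport"])].append(r)

    verdicts = {}
    for key, pkts in flows.items():
        pkts.sort(key=lambda p: p["ts"])
        syn_pass = next((p for p in pkts if p["action"] == "pass" and "S" in p["flags"]), None)
        blocked = [p for p in pkts if p["action"] == "block" and "S" not in p["flags"]]
        if syn_pass and blocked:
            secs = (blocked[0]["ts"] - syn_pass["ts"]).total_seconds()
            verdicts[key] = ("syn_passed_then_midstream_blocked", secs, blocked[0]["rule"])
        elif blocked:
            verdicts[key] = ("midstream_blocked_no_syn_seen", None, blocked[0]["rule"])
        else:
            verdicts[key] = ("no_midstream_block", None, None)
    return verdicts


def report(text):
    """Human-readable summary, one line per flow."""
    lines = []
    for (src, sport, dst, dport), (verdict, secs, rule) in sorted(
        classify_flows(parse_pf_log(text)).items()
    ):
        extra = f" after {secs:.0f}s" if secs is not None else ""
        extra += f" by rule {rule}" if rule else ""
        lines.append(f"{src}:{sport} -> {dst}:{dport}: {verdict}{extra}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against a larger `/var/log/pflog` text export (`tcpdump -n -e -ttt -r /var/log/pflog` produces the same src.port > dst.port header), the script lists every flow that pf created state for and then stopped matching. Two checks go with it: `pfctl -s state` on the pfSense box shows what the state entry for such a flow looks like while it still exists (with the SYN/ACK returning via R2 directly to the client, pf never sees the server side), and `pfctl -s timeouts` shows the TCP state timeouts; pf.conf(5) documents `tcp.opening` (30 seconds by default) as the timeout for a state "before the destination host ever sends a packet", which is worth comparing against the 32-second SYN-to-block gap the script reports for the 39326 flow.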
