Your reply traffic from 192.168.12.0/24 is bypassing the pfsense box and returning directly to your PC. This breaks stateful inspection. You are better off moving 192.168.12.0 behind the pfsense box on another nic, or adding a static route on your PC that points 192.168.12.0 at the same place you are pointing pfsense to.
--Bill

On Jan 10, 2008 10:10 PM, Geoff Crompton <[EMAIL PROTECTED]> wrote:
> It seems if I have a tcp connection that comes in the LAN interface to
> my pfSense gateway, and exits the same interface, I can transfer a
> small amount of data before pfSense starts dropping the packets.
>
> Eg
>
>        ----------
>        | router |
>        ----------
>            | 192.168.1.1
>            |
>            |  192.168.1.29
>            |   -----
>            +---|myPC|
>            |   -----
>            |
>            |
>            |  192.168.1.204
>            |   -----
>            +---|dev|
>            |   -----
>
> On router I've got this static route:
> LAN 192.168.12.0/24 192.168.1.204 Virtual Dev machines
>
> So if I do a scp from myPC to 192.168.12.23 the traffic flows on my
> default route to the router, and then gets forwarded onto the dev box.
>
> A tcpdump of one such transfer (of a 2Mb file) shows the connection
> starts, but after about Seq=64664 (that's the tcp sequence number of the
> direction from myPC to 192.168.12.23) my tcpdump shows that no more
> packets are forwarded onto 192.168.12.23.
>
> Anyone know why?
>
> --
> Geoff Crompton
> Debian System Administrator
> http://www.strategicdata.com.au
> Phone: +61 3 9340 9000
> Fax: +61 3 9348 2015
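Added example, not part of the original thread and not pf's actual code: a simplified Python model of the sequence-window check a stateful firewall applies, showing why a flow whose replies bypass the firewall passes a small transfer but stalls after roughly one window of data. The 65535-byte window, the 1448-byte segment size and all names are assumptions.

```python
# Simplified model of per-connection TCP state tracking on a stateful
# firewall. Assumption: the firewall only forwards data that fits inside
# the receive window it has learned from the receiver's own ACKs.

MSS = 1448              # constructed segment size (assumption)
INITIAL_WINDOW = 65535  # window credited to the receiver at setup (assumption)


class FlowState:
    """State the firewall keeps for the myPC -> server direction."""

    def __init__(self, isn=0, window=INITIAL_WINDOW):
        self.max_ack_seen = isn  # highest ACK observed from the receiver
        self.window = window     # last window observed from the receiver

    def on_reply(self, ack, window):
        # Runs only when the receiver's ACK actually crosses the firewall.
        self.max_ack_seen = max(self.max_ack_seen, ack)
        self.window = window

    def allow_data(self, seq, length):
        # Forward a segment only if it ends inside the known window.
        return seq + length <= self.max_ack_seen + self.window


def transfer(total_bytes, replies_cross_firewall):
    """Return how many bytes the firewall forwards before the first drop."""
    state = FlowState()
    seq = 0
    while seq < total_bytes:
        length = min(MSS, total_bytes - seq)
        if not state.allow_data(seq, length):
            return seq  # firewall starts dropping here; the sender stalls
        seq += length
        if replies_cross_firewall:
            # Symmetric path: the firewall sees the ACK and slides its window.
            state.on_reply(ack=seq, window=INITIAL_WINDOW)
        # Asymmetric path: the ACK goes straight back to the sender on the
        # LAN, so the firewall's view of the window never advances.
    return seq


if __name__ == "__main__":
    two_mb = 2 * 1024 * 1024
    print("asymmetric:", transfer(two_mb, replies_cross_firewall=False))
    print("symmetric: ", transfer(two_mb, replies_cross_firewall=True))
```

In this model the asymmetric case stops at 65160 bytes, the same range as the Seq=64664 stall in the tcpdump, while the symmetric case completes.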
