On 29.7.2012. 18:09, Mike Belopuhov wrote:
> On Sun, Jul 29, 2012 at 5:47 PM, Hrvoje Popovski wrote:
>>
>> Hello,
>>
>> i have tested your patches with torrent box behind 2 firewalls (nat,
>> carp,pfsync). One firewall is patched and second box isn't. Both of them
>> quite often export flows with duration of 429496*
>>
>
> is it possible that these flows are coming from the unpatched box?
> you can compare creatorid value to the hostid that is prited by
> pfctl -vsi.
>
Hello,
now with only one patched firewall, second firewall is halted, i'm still
having flows with 4294*.
2012-07-29 23:59:08.000 4294967276.000 TCP 193.198.155.12:54080 ->
2.27.201.104:10100 5 300 1
2012-07-29 23:58:13.000 4294966685.000 TCP 216.168.118.197:59550 ->
193.198.155.12:32459 744 36671 1
2012-07-29 23:58:16.000 4294967266.000 TCP 2.102.98.232:30533 ->
193.198.155.12:62574 5 280 1
2012-07-29 23:58:16.000 4294967290.000 TCP 66.41.95.7:57704 ->
193.198.155.12:64350 3 160 1
2012-07-29 23:58:47.000 4294967285.000 UDP 193.198.155.12:61398 ->
41.247.33.232:39683 5 909 1
2012-07-29 23:58:48.000 4294967290.000 UDP 193.198.155.12:32459 ->
78.3.45.180:15580 4 270 1
2012-07-29 23:59:20.000 4294967287.000 UDP 193.198.155.12:58422 ->
98.201.166.151:45912 1 125 1
2012-07-29 23:44:53.000 4294967202.000 TCP 114.76.136.130:11141 ->
193.198.155.12:60902 5 773 1
2012-07-29 23:58:26.000 4294967259.000 TCP 193.198.155.12:57768 ->
98.246.57.85:14098 5 336 1
2012-07-29 23:58:27.000 4294967287.000 TCP 193.198.155.12:32459 ->
202.164.142.78:60944 8 953 1
2012-07-29 23:58:27.000 4294967288.000 TCP 193.198.155.12:32459 ->
24.107.132.9:18351 4 172 1
2012-07-29 23:58:58.000 4294967290.000 UDP 10.161.53.99:32459 ->
50.101.49.79:26948 3 580 1
