Date: Tue, 02 Mar 2010 17:33:50 +0100
From: Olivier Thibault <Olivier.Thibault@lmpt.univ-tours.fr>
To: freebsd-pf@freebsd.org
Subject: FIN packets blocked
Message-ID: <4B8D3DEE.30802@lmpt.univ-tours.fr>
Hello,

I have a web server with apache+modproxy running FreeBSD 7.2-RELEASE-p7.
I filter incoming and outgoing traffic with pf.
I have some packets (about 20 per day) which are blocked and I don't understand why.

My config is: Internet -> ServerA(modproxy) -> ServerB(apache).

Here is the log for one blocked packet:

2010-03-02 15:40:29.573890 rule 7/0(match): block out on le0: serverA.62228 > serverB.80: F 3525425568:3525425568(0) ack 459935989 win 8326 <nop,nop,timestamp 9801116 1193432194>

All logs are similar.

Rule 7 is:

block return out log all

I have a rule allowing the traffic towards serverB:

pass out quick on le0 inet proto tcp from serverA to serverB port = http

As the packet has the FIN flag, I changed this rule to:

pass out quick on le0 inet proto tcp from serverA to serverB port = http flags S/SA keep state (if-bound, tcp.finwait 90)

but it doesn't change anything.

I used tcpdump to dump all traffic between the 2 servers, and the conversation outgoing from port 62228 (shown in the log of the blocked packet) ended at 15h22, and the packet is blocked at 15h40.

I guess there is something I misunderstood, but I don't know what.
Could you help me understand?

Best regards,

-- 
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel: (33)(0)2 47 36 69 12
Fax: (33)(0)2 47 36 70 68
Mobile: (33)(0)6 62 60 80 44
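The log line quoted in the message is the text form that tcpdump prints when reading pflog, and the question it raises (is this a policy block, or a packet that simply matched no state?) comes up whenever pf logs block a non-SYN TCP segment. The following parser and triage helper is an added example written for this thread, not code from the original post or from FreeBSD/pf. It splits such lines into fields, separates blocked SYNs (no rule permitted the new connection) from blocked FIN/RST/ACK segments (no state entry existed, which is what a late FIN arriving after the state has timed out looks like), and computes how long after the flow was last seen the blocked packet arrived, so the gap can be compared with the tcp.finwait or tcp.closed timeout in effect. The first sample line reproduces the one from the message; the other two are constructed, as are the hostnames serverA/serverB and the 192.0.2.10 address.

```python
import re
from collections import Counter
from datetime import datetime

# Regex for TCP lines in the tcpdump-on-pflog text format, the same shape
# as the line quoted in the e-mail. Other protocols are simply not matched.
PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>pass|block) (?P<direction>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRUEW.]+)(?P<rest>.*)$"
)

# Constructed sample log. Line 1 is the blocked FIN from the message; lines 2
# and 3 (a bare ACK and an inbound SYN) are made up for the example.
SAMPLE_LOG = """\
2010-03-02 15:40:29.573890 rule 7/0(match): block out on le0: serverA.62228 > serverB.80: F 3525425568:3525425568(0) ack 459935989 win 8326 <nop,nop,timestamp 9801116 1193432194>
2010-03-02 15:41:02.118204 rule 7/0(match): block out on le0: serverA.62301 > serverB.80: . ack 1 win 8326 <nop,nop,timestamp 9801200 1193432300>
2010-03-02 15:41:10.002000 rule 7/0(match): block in on le0: 192.0.2.10.44512 > serverA.22: S 100:100(0) win 65535 <mss 1460>
"""


def parse_pflog_line(line):
    """Return a dict of fields for one TCP pflog line, or None if it does
    not match the expected format."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S.%f"),
        "rule": int(d["rule"]),
        "reason": d["reason"],
        "action": d["action"],
        "direction": d["direction"],
        "ifname": d["ifname"],
        "src": d["src"],
        "sport": int(d["sport"]),
        "dst": d["dst"],
        "dport": int(d["dport"]),
        "flags": d["flags"],          # tcpdump notation: S, F, P, R, "." for none
        "ack": " ack " in d["rest"],  # True when the segment carries an ACK
    }


def classify_block(rec):
    """Sort a blocked TCP segment into the two cases that matter for triage.
    A blocked SYN means no pass rule admitted the new connection ("policy").
    A blocked segment without SYN (FIN, RST or bare ACK) means pf had no
    state for it and fell through to the block rule ("no-state"): the
    signature of a late FIN after the state has expired."""
    if rec["action"] != "block":
        return "passed"
    if "S" in rec["flags"]:
        return "policy"
    return "no-state"


def seconds_after(rec, last_seen):
    """Seconds between the last packet seen for the flow (e.g. taken from a
    tcpdump capture, given as 'YYYY-MM-DD HH:MM:SS') and the blocked packet.
    Compare the result with the tcp.finwait / tcp.closed timeouts in force."""
    ref = datetime.strptime(last_seen, "%Y-%m-%d %H:%M:%S")
    return (rec["ts"] - ref).total_seconds()


def summarize(lines):
    """Count blocked segments per (class, direction, src, dst, dport)."""
    counts = Counter()
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None:
            continue
        key = (classify_block(rec), rec["direction"],
               rec["src"], rec["dst"], rec["dport"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG.splitlines()).items():
        print(n, *key)
    first = parse_pflog_line(SAMPLE_LOG.splitlines()[0])
    # The message says the flow ended at 15h22; the FIN was blocked at 15h40.
    print("blocked FIN arrived %.0f s after the flow was last seen"
          % seconds_after(first, "2010-03-02 15:22:00"))
```

Feeding `tcpdump -n -e -ttt -r /var/log/pflog` output (or the live `tcpdump -n -e -i pflog0` stream) through `summarize` groups the roughly twenty daily blocks the message describes by class, and a run of "no-state" entries whose `seconds_after` value exceeds the configured finwait timeout points at state expiry rather than a missing pass rule.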