Date:      Thu, 30 Jan 2003 10:25:35 +0500
From:      Sergey Klusov <shy@geoseis.t72.ru>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   ipfw2
Message-ID:  <124904071.20030130102535@geoseis.t72.ru>

Hello, I've got a problem with ipfw2.

here is my config

ipfw add 50 divert natd all from any to any via ${extif}
ipfw add 100 check-state
ipfw add 200 deny log tcp from any to any established
ipfw add 300 permit tcp from any to any setup

Almost always there is a logged message like this WHEN the connection
terminates. Everything works fine, but the log is full of this:

Jan 10 12:04:24 tower /kernel: ipfw: 200 Deny TCP 217.66.99.188:80 193.111.x.x:1147 in via rl1

I've tried to intercept these packets with tcpdump and figured out
that the packets logged are TCP packets with the FIN flag. And it seems
that many hosts send multiple FIN packets, which causes the dynamic
rule to be removed on the first FIN packet and then that message above
to be logged on all subsequent packets.
Also I must note that it is not diverted packets being logged, because we
use squid, which is on the same host. So I doubt that this is a NAT
issue.

Any ideas?
-- 
Best regards,
 Sergey Klusov
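A small log-triage helper, added here as an example and not part of Sergey's post or of ipfw itself. It parses kernel log lines in the format shown in the message above, keeps only the hits on the "deny log ... established" rule (rule 200 in the posted config), and counts them by direction and remote endpoint. Seeing that nearly all hits are inbound from well-known service ports (80, 443) to high client ports is the pattern one expects from late FIN/RST segments of already-closed connections, as opposed to unsolicited traffic. The first sample line is the one from the post; the others are constructed for this example, and the rule number and the 1024 service-port cutoff are assumptions.

```python
import re
from collections import Counter

# Kernel log format quoted on this page:
#   ipfw: <rule> <Action> <PROTO> <src>:<sport> <dst>:<dport> <in|out> via <iface>
# Addresses are kept as strings so masked octets such as "193.111.x.x" still parse.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)

# Constructed sample input; only the first line is taken from the post.
SAMPLE_LOG = [
    "Jan 10 12:04:24 tower /kernel: ipfw: 200 Deny TCP 217.66.99.188:80 193.111.x.x:1147 in via rl1",
    "Jan 10 12:04:24 tower /kernel: ipfw: 200 Deny TCP 217.66.99.188:80 193.111.x.x:1147 in via rl1",  # constructed: second FIN
    "Jan 10 12:05:01 tower /kernel: ipfw: 200 Deny TCP 10.0.0.5:443 193.111.x.x:1150 in via rl1",      # constructed
    "Jan 10 12:05:07 tower /kernel: ipfw: 200 Deny TCP 193.111.x.x:1151 10.0.0.9:25 out via rl1",      # constructed
    "Jan 10 12:05:09 tower /kernel: ipfw: 300 Accept TCP 193.111.x.x:1152 10.0.0.9:80 out via rl1",    # constructed, not a deny
    "Jan 10 12:05:10 tower sshd[123]: Accepted publickey for someone",                                 # constructed, unrelated
]


def parse_ipfw_log(line):
    """Return the fields of one ipfw kernel log line, or None if the line is not one."""
    m = IPFW_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize_denies(lines, rule=200):
    """Count Deny hits for one rule, keyed by (direction, peer address, peer port).

    For an inbound packet the peer is the source; for an outbound one it is the
    destination. The peer port is what tells a late server reply (port 80/443)
    apart from something knocking on a local service.
    """
    counts = Counter()
    for line in lines:
        rec = parse_ipfw_log(line)
        if rec is None or rec["rule"] != rule or rec["action"].lower() != "deny":
            continue
        if rec["dir"] == "in":
            peer = (rec["src"], rec["sport"])
        else:
            peer = (rec["dst"], rec["dport"])
        counts[(rec["dir"],) + peer] += 1
    return counts


def inbound_from_service_ports(counts, cutoff=1024):
    """Number of inbound denies whose peer port is a well-known service port.

    A high share here is consistent with the poster's reading: the denied
    packets are trailing segments of closed client connections, not new
    inbound attempts. The cutoff is an assumption for this example.
    """
    return sum(n for (direction, _addr, port), n in counts.items()
               if direction == "in" and port < cutoff)


if __name__ == "__main__":
    c = summarize_denies(SAMPLE_LOG)
    for key, n in c.most_common():
        print(key, n)
    print("inbound denies from service ports:", inbound_from_service_ports(c))
```

On a real box the input would be the relevant lines from /var/log/messages (or wherever syslog routes kernel messages); the regex only looks for the "ipfw:" portion, so the syslog prefix does not matter.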
