Bug #2999

closed

sticky connections are really, really broken w/relayd

Added by Chris Buechler over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Operating System
Target version:
Start date: 05/21/2013
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1
Affected Architecture:

Description

Sticky connections in combination with relayd in 2.1 are seriously broken. Take this circumstance, relayd listening on:

IP 1.2.3.4 port 80, redirecting to 192.168.1.10 port 80
IP 1.2.3.5 port 80, redirecting to 192.168.1.15 port 80
IP 1.2.3.6 port 25, redirecting to 192.168.1.14 port 25
IP 1.2.3.7 port 25, redirecting to 192.168.1.20 port 25

If sticky is enabled, when you connect to 1.2.3.4:80 sourced from IP 4.3.2.1, every connection sourced from 4.3.2.1 from that point on will be redirected to 192.168.1.10. For instance, from 4.3.2.1, connecting to 1.2.3.5:80 will go to 192.168.1.10:80. Going to 1.2.3.6:25 will go to 192.168.1.10:25. The IP that's being connected to gets completely ignored from that point on.

Actions #1

Updated by Ermal Luçi over 8 years ago

Actually fixed.
I had disabled the per rule src-tracking to mitigate something else.
Though seems it hurts more than it fixes the other issue.

Actions #2

Updated by Chris Buechler over 8 years ago

That's not how it's ever worked before, it's stayed sticky to a specific rdr in every previous OS version.

Actions #3

Updated by Ermal Luçi over 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Applied in changeset pfsense-tools:commit:eae00391a109101fc995d3309a6e2d2bdb7be579.

Actions #4

Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

Confirmed fixed in testing and on customer's production system where problem was discovered.
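
The behaviour reported in the description and the per-rule source tracking mentioned in the first update, as an added example that is not pfSense, pf or relayd code: a simplified Python model that replays the report's connections with sticky entries keyed on the source address alone versus on the source address plus the redirect rule. The names `Redirector`, `replay` and `misrouted` are hypothetical, and the single-backend pools are taken from the description.

```python
# Simplified model of sticky-address source tracking; not pf or relayd code.
# Redirect rules from the bug report: (listen IP, port) -> backend pool.
RULES = {
    ("1.2.3.4", 80): ["192.168.1.10"],
    ("1.2.3.5", 80): ["192.168.1.15"],
    ("1.2.3.6", 25): ["192.168.1.14"],
    ("1.2.3.7", 25): ["192.168.1.20"],
}


class Redirector:
    def __init__(self, per_rule_tracking):
        self.per_rule_tracking = per_rule_tracking
        self.src_nodes = {}  # tracking key -> backend the source is stuck to

    def _key(self, src_ip, rule):
        # Per-rule tracking scopes the sticky entry to one redirect rule.
        # Global tracking keys on the source address alone.
        return (src_ip, rule) if self.per_rule_tracking else (src_ip,)

    def connect(self, src_ip, dst_ip, dst_port):
        rule = (dst_ip, dst_port)
        pool = RULES[rule]
        key = self._key(src_ip, rule)
        backend = self.src_nodes.get(key)
        if backend is None:
            backend = pool[0]  # first connection: pick from the rule's pool
            self.src_nodes[key] = backend
        return backend, dst_port, backend in pool


def replay(per_rule_tracking):
    """Replay the report's connections from 4.3.2.1 and return the results."""
    r = Redirector(per_rule_tracking)
    flows = [("1.2.3.4", 80), ("1.2.3.5", 80), ("1.2.3.6", 25)]
    return [r.connect("4.3.2.1", ip, port) for ip, port in flows]


def misrouted(results):
    """Flows that landed on a backend outside their own rule's pool."""
    return [(b, p) for b, p, in_pool in results if not in_pool]


if __name__ == "__main__":
    for mode in (False, True):
        print("per-rule" if mode else "global", replay(mode))
```

With global keying the second and third flows land on 192.168.1.10, outside their own rule's pool, which is the cross-service exposure the report describes; checking each sticky hit against the matching rule's pool, as `misrouted` does, is one way to test for a regression.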
