Bug #2999
closed
sticky connections are really, really broken w/relayd
100%
Description
Sticky connections in combination with relayd in 2.1 are seriously broken. Take this circumstance, relayd listening on:
IP 1.2.3.4 port 80, redirecting to 192.168.1.10 port 80
IP 1.2.3.5 port 80, redirecting to 192.168.1.15 port 80
IP 1.2.3.6 port 25, redirecting to 192.168.1.14 port 25
IP 1.2.3.7 port 25, redirecting to 192.168.1.20 port 25
If sticky is enabled, when you connect to 1.2.3.4:80 sourced from IP 4.3.2.1, every connection sourced from 4.3.2.1 from that point on will be redirected to 192.168.1.10. For instance, from 4.3.2.1, connecting to 1.2.3.5:80 will go to 192.168.1.10:80. Going to 1.2.3.6:25 will go to 192.168.1.10:25. The IP that's being connected to gets completely ignored from that point on.
Updated by Ermal Luçi over 11 years ago
Actually fixed.
I had disabled the per rule src-tracking to mitigate something else.
Though seems it hurts more than it fixes the other issue.
Updated by Chris Buechler over 11 years ago
That's not how it's ever worked before; it's stayed sticky to a specific rdr in every previous OS version.
Updated by Ermal Luçi over 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset pfsense-tools:commit:eae00391a109101fc995d3309a6e2d2bdb7be579.
Updated by Chris Buechler over 11 years ago
- Status changed from Feedback to Resolved
Confirmed fixed in testing and on customer's production system where problem was discovered.
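The behaviour in the description and the per-rule source tracking mentioned in the fix comment, as an added Python model that is not pf, relayd or pfSense code. The `StickyRedirector` class, the `misrouted` helper and the way the sticky table is keyed are assumptions made for illustration; the addresses are the ones from the report.

```python
# Simplified model (an assumption, not pf/relayd source): a sticky table maps a
# tracking key to the backend host chosen on the first connection.
from dataclasses import dataclass, field

# Redirects from the bug description: (listen IP, port) -> backend IP.
REDIRECTS = {
    ("1.2.3.4", 80): "192.168.1.10",
    ("1.2.3.5", 80): "192.168.1.15",
    ("1.2.3.6", 25): "192.168.1.14",
    ("1.2.3.7", 25): "192.168.1.20",
}

@dataclass
class StickyRedirector:
    per_rule: bool                      # True: key on (source, rule); False: source only
    table: dict = field(default_factory=dict)

    def connect(self, src, dst_ip, dst_port):
        """Return (backend_ip, port) chosen for a new connection."""
        rule = (dst_ip, dst_port)
        if rule not in REDIRECTS:
            raise KeyError(f"no redirect for {dst_ip}:{dst_port}")
        key = (src, rule) if self.per_rule else src
        # First hit records the rule's backend; later hits reuse the entry.
        backend = self.table.setdefault(key, REDIRECTS[rule])
        return backend, dst_port

def misrouted(redirector, src, flows):
    """List flows whose chosen backend differs from the one their rule names."""
    bad = []
    for dst_ip, port in flows:
        backend, _ = redirector.connect(src, dst_ip, port)
        if backend != REDIRECTS[(dst_ip, port)]:
            bad.append(((dst_ip, port), backend))
    return bad

# Constructed flow sequence matching the report: all connections from 4.3.2.1.
FLOWS = [("1.2.3.4", 80), ("1.2.3.5", 80), ("1.2.3.6", 25)]

if __name__ == "__main__":
    print("source-only key:", misrouted(StickyRedirector(per_rule=False), "4.3.2.1", FLOWS))
    print("per-rule key:   ", misrouted(StickyRedirector(per_rule=True), "4.3.2.1", FLOWS))
```

With the source-only key, the second and third flows land on 192.168.1.10, including port 25 traffic sent to the web backend; with the per-rule key, no flow is misrouted.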