
Bug #3114

closed

Filter problem from routed links

Added by Jevgenijus S over 11 years ago. Updated over 9 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
07/28/2013
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.x
Affected Architecture:
amd64

Description

Network topology:
1) LAN subnet 192.168.0.0/24
LAN IP 192.168.0.254
LAN Alias 192.169.0.254
DMZ server 192.169.0.120 (IP Alias) em2
2) Remote LAN subnets 192.168.0.0/16 routed via provider router 192.168.0.252 / routes are working
3) Rules - allow 192.168.0.0/16 to 192.169.0.120 (LAN rules) and 192.169.0.120 to 192.168.0.0/16 (DMZ rules)

Problem:
1) I can ping and telnet to services from 192.168.0/16 hosts to 192.169.0.120, but all TCP connections hang and time out...
2) I get filter log messages "rule 1/0(match): block in on em2":

Jul 28 17:50:36 firewall pf: 192.169.0.120.10090 > 192.168.xx.101.62873: Flags [S.], cksum 0xb8b0 (correct), seq 1944344361, ack 506361591, win 64240, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
Jul 28 17:50:36 firewall pf: 00:00:00.000160 rule 1/0(match): block in on em2: (tos 0x0, ttl 124, id 57033, offset 0, flags [DF], proto TCP (6), length 48)

Reboots and session resets did not help; there are no other blocking rules.
The "Block private networks" and "Block bogon networks" settings are not checked on either the LAN or the DMZ interface.

Actions #1

Updated by Jim Pingle over 11 years ago

  • Status changed from New to Rejected

Configuration issue, not a bug. Post on the forum for assistance allowing traffic in an asymmetric routing scenario.
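Added illustration, not code from the original report or from pfSense: a toy model of interface-bound state tracking showing why a SYN-ACK that arrives on a different interface from the one holding the flow's state falls through to the default block, which is the symptom an asymmetric path produces. The LAN interface name em1 and the client address 192.168.0.101 are constructed; em2, the server address and the ports come from the log above.

```python
# Toy model of pf-style state tracking (not pf's real code).
# Interface em1 and client 192.168.0.101 are constructed for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on ("in on ...")
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # tcpdump style: "S" = SYN, "S." = SYN-ACK, "." = ACK


class StatefulFilter:
    """States are created by an allowed SYN and are either bound to the
    interface that created them (if_bound=True, pf's default policy) or
    floating (if_bound=False), in which case any interface may match."""

    def __init__(self, if_bound, syn_allowed_on):
        self.if_bound = if_bound
        self.syn_allowed_on = syn_allowed_on
        self.states = {}   # flow key -> interface that created the state

    @staticmethod
    def flow_key(p):
        # Both directions of a flow map to the same key.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def process(self, p):
        key = self.flow_key(p)
        owner = self.states.get(key)
        if owner is not None:
            if self.if_bound and owner != p.iface:
                # A state exists, but not on this interface: no state match,
                # so the packet falls through to the default block rule.
                return f"block in on {p.iface} (state bound to {owner})"
            return f"pass in on {p.iface} (state match)"
        if p.flags == "S" and p.iface in self.syn_allowed_on:
            self.states[key] = p.iface
            return f"pass in on {p.iface} (new state)"
        return f"block in on {p.iface} (no state, no rule)"


def run_trace(if_bound):
    """Replay the exchange from the log: SYN in on the LAN side (em1),
    the server's SYN-ACK back in on em2. Returns the two verdicts."""
    fw = StatefulFilter(if_bound, syn_allowed_on={"em1"})
    syn = Packet("em1", "192.168.0.101", 62873, "192.169.0.120", 10090, "S")
    synack = Packet("em2", "192.169.0.120", 10090, "192.168.0.101", 62873, "S.")
    return [fw.process(syn), fw.process(synack)]
```

With interface-bound states the SYN-ACK is blocked exactly as in the log; with floating states it matches, which is why the fix is a routing or state-policy change rather than another pass rule.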

Actions #2

Updated by Jevgenijus S over 11 years ago

"Bypass firewall rules for traffic on the same interface" does not help too :(

Actions #3

Updated by Chris Buechler over 9 years ago

  • Target version deleted (2.1)