FreeBSD Router Problem

[Shawn Everett]

On Thursday 26 February 2009, Adrian Penisoara wrote:
> pfctl -v -s state

It's midnight here.  There should be very little active traffic from 
workstations at this hour.  I was just about to head off to bed.


#pfctl -v -s state
No ALTQ support in kernel
ALTQ related functions disabled
all tcp 63.241.234.60:443 <- 172.16.3.37:1552       TIME_WAIT:TIME_WAIT
   [2809190277 + 65535](+6632)  [136754641 + 6215](+2672421819)
   age 00:02:53, expires in 00:00:46, 7:6 pkts, 2447:2108 bytes, rule 2
all tcp 172.16.3.37:1552 -> 204.244.159.68:57351 -> 63.241.234.60:443       
TIME_WAIT:TIME_WAIT
   [2809176460 + 6215](+8057)  [2245260981 + 65535](+563929296)
   age 00:02:53, expires in 00:00:46, 7:6 pkts, 2447:2108 bytes, rule 5
all udp 172.16.3.255:138 <- 172.16.3.29:138       NO_TRAFFIC:SINGLE
   age 00:00:58, expires in 00:00:02, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.29:138 -> 204.244.159.55:62508 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:58, expires in 00:00:02, 1:0 pkts, 229:0 bytes, rule 9
all udp 172.16.3.255:138 <- 172.16.3.38:138       NO_TRAFFIC:SINGLE
   age 00:00:54, expires in 00:00:06, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.38:138 -> 204.244.159.68:59414 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:54, expires in 00:00:06, 1:0 pkts, 229:0 bytes, rule 6
all udp 172.16.3.255:138 <- 172.16.3.46:138       NO_TRAFFIC:SINGLE
   age 00:00:52, expires in 00:00:08, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.46:138 -> 204.244.159.55:61107 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:52, expires in 00:00:08, 1:0 pkts, 229:0 bytes, rule 9
all udp 172.16.3.255:138 <- 172.16.3.73:138       NO_TRAFFIC:SINGLE
   age 00:00:50, expires in 00:00:10, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.73:138 -> 204.244.159.68:57339 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:50, expires in 00:00:10, 1:0 pkts, 229:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.31:2907       CLOSED:SYN_SENT
   [0 + 65535]  [2039994755 + 1](+3336367162)
   age 00:00:47, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.31:2907 -> 204.244.159.68:51242 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1081394621 + 1](+4585)  [0 + 65535]
   age 00:00:47, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.54:2973       CLOSED:SYN_SENT
   [0 + 65535]  [1169394795 + 1](+3127556057)
   age 00:00:46, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.54:2973 -> 204.244.159.55:60178 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1983556 + 1](+5275)  [0 + 65535]
   age 00:00:46, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 8
all udp 172.16.3.255:138 <- 172.16.3.72:138       NO_TRAFFIC:SINGLE
   age 00:00:45, expires in 00:00:15, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.72:138 -> 204.244.159.55:62034 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:45, expires in 00:00:15, 1:0 pkts, 229:0 bytes, rule 9
all udp 172.16.3.255:138 <- 172.16.3.57:138       NO_TRAFFIC:SINGLE
   age 00:00:45, expires in 00:00:15, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.57:138 -> 204.244.159.68:58279 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:45, expires in 00:00:15, 1:0 pkts, 229:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.49:1947       CLOSED:SYN_SENT
   [0 + 65535]  [3216417449 + 1](+2374568959)
   age 00:00:44, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.49:1947 -> 204.244.159.68:52981 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1296019112 + 1](+4299)  [0 + 65535]
   age 00:00:44, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.31:2908       CLOSED:SYN_SENT
   [0 + 65535]  [344188291 + 1](+3105844931)
   age 00:00:43, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.31:2908 -> 204.244.159.55:61404 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [3450033222 + 1](+5488)  [0 + 65535]
   age 00:00:43, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 8
all tcp 10.170.54.1:81 <- 172.16.3.30:2063       CLOSED:SYN_SENT
   [0 + 65535]  [459132347 + 1](+1172967503)
   age 00:00:43, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.30:2063 -> 204.244.159.68:61029 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1632099850 + 1](+4578)  [0 + 65535]
   age 00:00:43, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 5
all udp 172.16.3.255:138 <- 172.16.3.37:138       NO_TRAFFIC:SINGLE
   age 00:00:40, expires in 00:00:20, 1:0 pkts, 242:0 bytes, rule 3
all udp 172.16.3.37:138 -> 204.244.159.55:55472 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:40, expires in 00:00:20, 1:0 pkts, 242:0 bytes, rule 9
all udp 172.16.3.255:138 <- 172.16.3.49:138       NO_TRAFFIC:SINGLE
   age 00:00:39, expires in 00:00:21, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.49:138 -> 204.244.159.68:55551 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:39, expires in 00:00:21, 1:0 pkts, 229:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.51:3475       CLOSED:SYN_SENT
   [0 + 65535]  [1186661975 + 1](+472867228)
   age 00:00:39, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.51:3475 -> 204.244.159.55:63438 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1659529203 + 1](+5514)  [0 + 65535]
   age 00:00:39, expires in 00:00:00, 3:0 pkts, 144:0 bytes, rule 8
all udp 172.16.3.255:137 <- 172.16.3.76:137       NO_TRAFFIC:SINGLE
   age 00:00:37, expires in 00:00:00, 3:0 pkts, 234:0 bytes, rule 3
all udp 172.16.3.76:137 -> 204.244.159.55:59226 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:37, expires in 00:00:00, 3:0 pkts, 234:0 bytes, rule 9
all tcp 10.170.54.1:81 <- 172.16.3.46:1807       CLOSED:SYN_SENT
   [0 + 65535]  [59677193 + 1](+3666664406)
   age 00:00:35, expires in 00:00:04, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.46:1807 -> 204.244.159.68:55544 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [3726341599 + 1](+7061)  [0 + 65535]
   age 00:00:35, expires in 00:00:04, 3:0 pkts, 144:0 bytes, rule 5
all udp 172.16.3.255:138 <- 172.16.3.8:138       NO_TRAFFIC:SINGLE
   age 00:00:27, expires in 00:00:33, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.8:138 -> 204.244.159.68:65532 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:27, expires in 00:00:33, 1:0 pkts, 229:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.31:2909       CLOSED:SYN_SENT
   [0 + 65535]  [778012129 + 1](+2120103351)
   age 00:00:26, expires in 00:00:13, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.31:2909 -> 204.244.159.55:61987 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [2898115480 + 1](+6268)  [0 + 65535]
   age 00:00:26, expires in 00:00:13, 3:0 pkts, 144:0 bytes, rule 8
all udp 172.16.3.255:138 <- 172.16.3.21:138       NO_TRAFFIC:SINGLE
   age 00:00:26, expires in 00:00:34, 1:0 pkts, 242:0 bytes, rule 3
all udp 172.16.3.21:138 -> 204.244.159.55:51353 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:26, expires in 00:00:34, 1:0 pkts, 242:0 bytes, rule 9
all tcp 10.170.54.1:81 <- 172.16.3.54:2974       CLOSED:SYN_SENT
   [0 + 65535]  [569329580 + 1](+583400938)
   age 00:00:25, expires in 00:00:14, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.54:2974 -> 204.244.159.68:62558 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1152730518 + 1](+5061)  [0 + 65535]
   age 00:00:25, expires in 00:00:14, 3:0 pkts, 144:0 bytes, rule 5
all udp 172.16.3.255:137 <- 172.16.3.22:137       NO_TRAFFIC:SINGLE
   age 00:00:23, expires in 00:00:37, 1:0 pkts, 78:0 bytes, rule 3
all udp 172.16.3.22:137 -> 204.244.159.68:54497 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:23, expires in 00:00:37, 1:0 pkts, 78:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.49:1948       CLOSED:SYN_SENT
   [0 + 65535]  [2509322408 + 1](+3813371212)
   age 00:00:23, expires in 00:00:16, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.49:1948 -> 204.244.159.55:56965 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [2027726324 + 1](+7437)  [0 + 65535]
   age 00:00:23, expires in 00:00:16, 3:0 pkts, 144:0 bytes, rule 8
all udp 172.16.3.255:137 <- 172.16.3.31:137       NO_TRAFFIC:SINGLE
   age 00:00:22, expires in 00:00:10, 3:0 pkts, 234:0 bytes, rule 3
all udp 172.16.3.31:137 -> 204.244.159.55:65154 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:22, expires in 00:00:10, 3:0 pkts, 234:0 bytes, rule 9
all udp 172.16.3.255:138 <- 172.16.3.36:138       NO_TRAFFIC:SINGLE
   age 00:00:21, expires in 00:00:39, 1:0 pkts, 229:0 bytes, rule 3
all udp 172.16.3.36:138 -> 204.244.159.68:53322 -> 172.16.3.255:138       
SINGLE:NO_TRAFFIC
   age 00:00:21, expires in 00:00:39, 1:0 pkts, 229:0 bytes, rule 6
all tcp 10.170.54.1:81 <- 172.16.3.30:2064       CLOSED:SYN_SENT
   [0 + 65535]  [746240695 + 1](+1233058940)
   age 00:00:20, expires in 00:00:19, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.30:2064 -> 204.244.159.68:51143 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1979299635 + 1](+6018)  [0 + 65535]
   age 00:00:20, expires in 00:00:19, 3:0 pkts, 144:0 bytes, rule 5
all tcp 64.56.145.72:110 <- 172.16.3.62:3575       FIN_WAIT_2:FIN_WAIT_2
   [3781047388 + 65465](+7582)  [1715565868 + 5840](+2065472307)
   age 00:00:19, expires in 00:01:12, 8:9 pkts, 384:438 bytes, rule 2
all tcp 172.16.3.62:3575 -> 204.244.159.55:55043 -> 64.56.145.72:110       
FIN_WAIT_2:FIN_WAIT_2
   [3781038175 + 5840](+4881)  [2842714655 + 65465](+938332733)
   age 00:00:19, expires in 00:01:12, 8:9 pkts, 384:438 bytes, rule 8
all tcp 10.170.54.1:81 <- 172.16.3.51:3476       CLOSED:SYN_SENT
   [0 + 65535]  [784236726 + 1](+4187310284)
   age 00:00:17, expires in 00:00:22, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.51:3476 -> 204.244.159.68:57484 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [676579714 + 1](+7199)  [0 + 65535]
   age 00:00:17, expires in 00:00:22, 3:0 pkts, 144:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.17:4335       CLOSED:SYN_SENT
   [0 + 65535]  [1816039899 + 1](+1408229979)
   age 00:00:17, expires in 00:00:22, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.17:4335 -> 204.244.159.55:50224 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [3224269878 + 1](+5331)  [0 + 65535]
   age 00:00:17, expires in 00:00:22, 3:0 pkts, 144:0 bytes, rule 8
all udp 172.16.3.255:137 <- 172.16.3.46:137       NO_TRAFFIC:SINGLE
   age 00:00:14, expires in 00:00:17, 3:0 pkts, 234:0 bytes, rule 3
all udp 172.16.3.46:137 -> 204.244.159.55:51801 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:14, expires in 00:00:17, 3:0 pkts, 234:0 bytes, rule 9
all tcp 10.170.54.1:81 <- 172.16.3.71:3100       CLOSED:SYN_SENT
   [0 + 65535]  [3279736087 + 1](+833801231)
   age 00:00:14, expires in 00:00:25, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.71:3100 -> 204.244.159.68:50742 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [4113537318 + 1](+5530)  [0 + 65535]
   age 00:00:14, expires in 00:00:25, 3:0 pkts, 144:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.74:3179       CLOSED:SYN_SENT
   [0 + 65535]  [926335667 + 1](+3707646138)
   age 00:00:13, expires in 00:00:26, 3:0 pkts, 144:0 bytes, rule 2
all tcp 172.16.3.74:3179 -> 204.244.159.55:52685 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [339014509 + 1](+5602)  [0 + 65535]
   age 00:00:13, expires in 00:00:26, 3:0 pkts, 144:0 bytes, rule 8
all tcp 10.170.54.1:81 <- 172.16.3.31:2910       CLOSED:SYN_SENT
   [0 + 65535]  [413832409 + 1](+1332464212)
   age 00:00:05, expires in 00:00:28, 2:0 pkts, 96:0 bytes, rule 2
all tcp 172.16.3.31:2910 -> 204.244.159.68:55614 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1746296621 + 1](+4477)  [0 + 65535]
   age 00:00:05, expires in 00:00:28, 2:0 pkts, 96:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.18:2483       CLOSED:SYN_SENT
   [0 + 65535]  [1172638831 + 1](+459648591)
   age 00:00:04, expires in 00:00:29, 2:0 pkts, 96:0 bytes, rule 2
all tcp 172.16.3.18:2483 -> 204.244.159.55:58493 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1632287422 + 1](+5021)  [0 + 65535]
   age 00:00:04, expires in 00:00:29, 2:0 pkts, 96:0 bytes, rule 8
all tcp 10.170.54.1:81 <- 172.16.3.54:2975       CLOSED:SYN_SENT
   [0 + 65535]  [2580756030 + 1](+3460057222)
   age 00:00:04, expires in 00:00:29, 2:0 pkts, 96:0 bytes, rule 2
all tcp 172.16.3.54:2975 -> 204.244.159.68:50722 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [1745845956 + 1](+4909)  [0 + 65535]
   age 00:00:04, expires in 00:00:29, 2:0 pkts, 96:0 bytes, rule 5
all tcp 10.170.54.1:81 <- 172.16.3.49:1949       CLOSED:SYN_SENT
   [0 + 1]  [240678205 + 2](+2261118483)
   age 00:00:02, expires in 00:01:58, 1:0 pkts, 48:0 bytes, rule 2
all tcp 172.16.3.49:1949 -> 204.244.159.55:50044 -> 10.170.54.1:81       
SYN_SENT:CLOSED
   [2501796688 + 2](+4727)  [0 + 1]
   age 00:00:02, expires in 00:01:58, 1:0 pkts, 48:0 bytes, rule 8
all udp 172.16.3.255:137 <- 172.16.3.77:137       NO_TRAFFIC:SINGLE
   age 00:00:01, expires in 00:00:30, 2:0 pkts, 156:0 bytes, rule 3
all udp 172.16.3.77:137 -> 204.244.159.68:50174 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:01, expires in 00:00:30, 2:0 pkts, 156:0 bytes, rule 6
all udp 172.16.3.255:137 <- 172.16.3.17:137       NO_TRAFFIC:SINGLE
   age 00:00:01, expires in 00:00:30, 2:0 pkts, 156:0 bytes, rule 3
all udp 172.16.3.17:137 -> 204.244.159.55:58365 -> 172.16.3.255:137       
SINGLE:NO_TRAFFIC
   age 00:00:01, expires in 00:00:30, 2:0 pkts, 156:0 bytes, rule 9