Last Address on Interface Receiving RST ACK.

Jason Hellenthal jhell at DataIX.net
Sat Sep 24 15:39:34 UTC 2011


Ignore this. I found the problem with this a little while back.

Problem was that the address receiving the RST ACK on the same interface
within the same subnet was also located within a DMZ which caused it to
receive everything that was also bound for the /24

On Thu, Sep 08, 2011 at 01:28:38AM -0400, Jason Hellenthal wrote:
> 
> Net,
> 
> With a default setup of dc0 on 8.2-STABLE r224908 I have noticed that
> when the interface is configured with more than one address that the
> last address configured receives RSTs & ACKs that were generated on the
> primary address.
> 
> The configuration is like such:
> 
> PF with no NAT or redirection.
> Default route: 192.168.1.1
> ipv4_addrs_dc0="192.168.1.2/24"
> 
> And then a jail brings up alias 192.168.1.100/32
> 
> I have mail pulling down to this system every 20 minutes and this is
> repeated every 20 minutes but not solely dependent to just this service
> or destination.
> 
> Rule 26: block drop in log quick proto tcp from !<trusted> port < 1024
> to any
> 
> Keep in mind the only way I caught this is because the jail is not
> generating any traffic and since there is no state for that address this
> rule kicks in to block what should not be received by that address.
> 
> Any help with this would be appreciated.
> 
> 00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
>     91.121.XXX.XXX.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
> 00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.X.443 > 192.168.1.100.58794: Flags [R.], cksum 0x0268 (correct), seq 3217610262, ack 840102530, win 0, length 0
> 00:57:49.465331 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49671, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.443 > 192.168.1.100.35474: Flags [R.], cksum 0x5c5e (correct), seq 3787279118, ack 1664887624, win 0, length 0
> 00:58:23.524232 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 54499, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XXX.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
> 00:58:49.586119 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 61912, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.443 > 192.168.1.100.64663: Flags [R.], cksum 0xf8db (correct), seq 1228724784, ack 2559832299, win 0, length 0
> 00:58:51.573874 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 49850, offset 0, flags [none], proto TCP (6), length 40)
>     12.22.XX.XX.873 > 192.168.1.100.60330: Flags [R.], cksum 0xfcbd (correct), seq 1803075968, ack 944126062, win 0, length 0
> 00:59:05.594207 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 18167, offset 0, flags [none], proto TCP (6), length 40)
>     12.22.XX.XX.873 > 192.168.1.100.16970: Flags [R.], cksum 0x851b (correct), seq 1913818609, ack 3282631427, win 0, length 0
> 01:08:24.602213 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 19516, offset 0, flags [none], proto TCP (6), length 40)
>     74.125.XXX.XX.993 > 192.168.1.100.27724: Flags [R.], cksum 0xa62d (correct), seq 3861575754, ack 1373823783, win 0, length 0
> 
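The pflog lines quoted above are the evidence for the whole thread: RST/ACK segments answering connections that the primary address 192.168.1.2 opened, yet arriving at (and being blocked for) the jail alias 192.168.1.100. As an added example, not part of the original post or of FreeBSD, here is a small parser for that two-line tcpdump/pflog format plus a summary that groups blocked inbound RST/ACK segments by the local address they hit. The sample log is constructed to mirror the quoted output; the peer addresses are documentation-range placeholders (198.51.100.x, 203.0.113.x), and the final passed SYN/ACK entry is made up to show that non-RST traffic is left out of the summary.

```python
import re
from collections import defaultdict

# Constructed sample in the pflog/tcpdump format quoted in the post. The
# rule numbers, interface name and local addresses follow the post; the
# peer addresses are placeholders, not the original poster's peers.
SAMPLE_PFLOG = """\
00:56:05.274815 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 13179, offset 0, flags [none], proto TCP (6), length 40)
    198.51.100.7.443 > 192.168.1.100.33581: Flags [R.], cksum 0x0a57 (correct), seq 1397498691, ack 1491506967, win 0, length 0
00:56:49.351521 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 44594, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.5.443 > 192.168.1.100.58794: Flags [R.], cksum 0x0268 (correct), seq 3217610262, ack 840102530, win 0, length 0
00:58:23.524232 rule 26/0(match): block in on dc0: (tos 0x0, ttl 254, id 54499, offset 0, flags [none], proto TCP (6), length 40)
    203.0.113.9.993 > 192.168.1.100.55544: Flags [R.], cksum 0x9962 (correct), seq 1419741552, ack 2168011860, win 0, length 0
00:59:10.000000 rule 12/0(match): pass in on dc0: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.443 > 192.168.1.2.40001: Flags [S.], cksum 0x1234 (correct), seq 1, ack 2, win 65535, length 0
"""

# First line of each entry: timestamp, matching rule, action, direction, interface.
HEADER_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\d+\((?P<reason>\w+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+): "
)
# Indented second line: src.port > dst.port and the TCP flags in brackets.
PKT_RE = re.compile(
    r"^\s+(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_pflog(lines):
    """Pair each header line with its packet line and return a list of dicts."""
    records, pending = [], None
    for line in lines:
        h = HEADER_RE.match(line)
        if h:
            pending = h.groupdict()
            pending["rule"] = int(pending["rule"])
            continue
        p = PKT_RE.match(line)
        if p and pending is not None:
            rec = dict(pending, **p.groupdict())
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            records.append(rec)
            pending = None  # a header is consumed by exactly one packet line
    return records


def stray_resets(records, local_addrs):
    """Group blocked inbound RST/ACK segments ('[R.]' in tcpdump) by local address.

    A RST carrying ACK answers a segment the peer actually saw. When it lands
    on a local address that never opened the connection (no pf state, so the
    block rule fires), the reply belongs to a flow of another local address,
    which is exactly the symptom described in the post.
    Returns {dst: {"count": n, "sources": sorted "host:port" list}}.
    """
    out = defaultdict(lambda: {"count": 0, "sources": set()})
    for r in records:
        if r["dir"] != "in" or r["action"] != "block":
            continue
        if not ("R" in r["flags"] and "." in r["flags"]):
            continue
        if r["dst"] not in local_addrs:
            continue
        out[r["dst"]]["count"] += 1
        out[r["dst"]]["sources"].add(f'{r["src"]}:{r["sport"]}')
    return {k: {"count": v["count"], "sources": sorted(v["sources"])} for k, v in out.items()}


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_PFLOG.splitlines())
    summary = stray_resets(recs, {"192.168.1.2", "192.168.1.100"})
    for dst, info in summary.items():
        print(f"{dst}: {info['count']} blocked RST/ACK from {', '.join(info['sources'])}")
```

Feeding real `tcpdump -n -e -ttt -i pflog0` output through `parse_pflog` and looking at which local addresses show up in `stray_resets` separates the case in this thread (replies for the primary address landing on an alias) from ordinary scan noise, where the RSTs would not be answering anything the primary address sent.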