FIN packets blocked

Olivier Thibault Olivier.Thibault at lmpt.univ-tours.fr
Tue Mar 2 16:35:12 UTC 2010


Hello,

I have a web server with apache+modproxy running FreeBSD 7.2-RELEASE-p7.
I filter incoming and outgoing traffic with pf.
I have some packets (about 20 per day) which are blocked and I don't understand why.
My config is:
Internet -> ServerA(modproxy) -> ServerB(apache).

Here is the log for one blocked packet:
2010-03-02 15:40:29.573890 rule 7/0(match): block out on le0: serverA.62228 > serverB.80: F 3525425568:3525425568(0) ack 459935989 win 8326 <nop,nop,timestamp 9801116 1193432194>

All logs are similar.

Rule 7 is:
block return out log all

I have a rule allowing the traffic towards serverB :
pass out quick on le0 inet proto tcp from serverA to serverB port = http

As the packet has the FIN flag, I changed this rule to:
pass out quick on le0 inet proto tcp from serverA to serverB port = http flags S/SA keep state (if-bound, tcp.finwait 90)

but it doesn't change anything.

I used tcpdump to dump all traffic between the two servers, and the conversation outgoing from port 62228 (shown in the log of the blocked packet) ended at 15:22, while the packet was blocked at 15:40.

I guess there is something I misunderstood, but I don't know what.

Could you help me understand?

Best regards,


-- 
Olivier THIBAULT
Université François Rabelais - UFR Sciences et Techniques
Laboratoire de Mathématiques et Physique Théorique (UMR CNRS 6083)
Service Informatique de l'UFR
Parc de Grandmont
37200 Tours - France
Email: olivier.thibault at lmpt.univ-tours.fr
Tel:     (33)(0)2 47 36 69 12
Fax:     (33)(0)2 47 36 70 68
Mobile : (33)(0)6 62 60 80 44
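Added example, not part of the message above: a small triage script for pflog lines in the tcpdump text format the post shows. When a stateful `pass ... keep state` rule is in place, a packet reaching the catch-all `block` rule means pf had no matching state for it; the script separates blocked packets that carry a SYN (the pass rule itself did not match) from SYN-less FIN/RST or ACK-only segments (a state that once existed is no longer there), so the latter can be correlated with a tcpdump capture of the same ports the way the post describes. The sample input is constructed: its first line is the one quoted in the post, the rest are made-up lines in the same format; the hostnames serverA/serverB and the `rule 3` pass line are assumptions.

```python
"""Sort blocked pflog packets by TCP flags to see why no state matched (added example)."""
import re
from collections import Counter

# Constructed sample input. Line 1 is the poster's own log line; the others are
# made up in the same `tcpdump -n -e -ttt -r /var/log/pflog` text format.
SAMPLE_LOG = """\
2010-03-02 15:40:29.573890 rule 7/0(match): block out on le0: serverA.62228 > serverB.80: F 3525425568:3525425568(0) ack 459935989 win 8326 <nop,nop,timestamp 9801116 1193432194>
2010-03-02 15:41:02.000001 rule 7/0(match): block out on le0: serverA.62230 > serverB.80: S 100:100(0) win 65535 <mss 1460>
2010-03-02 15:41:10.000002 rule 7/0(match): block out on le0: serverA.62231 > serverB.80: R 200:200(0) ack 300 win 0
2010-03-02 15:41:11.000003 rule 7/0(match): block out on le0: serverA.62232 > serverB.80: . ack 400 win 8326
2010-03-02 15:41:12.000004 rule 3/0(match): pass out on le0: serverA.62233 > serverB.80: S 500:500(0) win 65535
"""

# One pflog line. Old tcpdump flag syntax (`F`, `S`, `R`, `.` for ACK-only) as in the
# post, and the newer `Flags [F.]` form, are both accepted. Hostnames or IPs work for
# src/dst because the greedy match backtracks to the last dot before the port.
LINE_RE = re.compile(
    r"""^(?P<ts>\S+\s+\S+)\s+
        rule\s+(?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\):\s+
        (?P<action>block|pass)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\S+):\s+
        (?P<src>\S+)\.(?P<sport>\d+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\d+):\s+
        (?:Flags\s+\[(?P<flags_new>[^\]]+)\]|(?P<flags_old>[SFRPUEWC.]+))(?=\s|$)""",
    re.VERBOSE,
)


def parse_pflog(text):
    """Return one dict per parseable line; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        new, old = e.pop("flags_new"), e.pop("flags_old")
        # '.' only marks ACK in tcpdump output; drop it so "" means ACK-only.
        e["flags"] = (new or old or "").replace(".", "")
        entries.append(e)
    return entries


def classify(entry):
    """Bucket a packet by what its flags say about the missing state.

    'handshake': a SYN was blocked, so the pass rule did not match this packet
                 at all (address, port, proto or direction). Look at the rule.
    'teardown' : FIN or RST without SYN, so the connection's state is already
                 gone (expired or flushed) and the stray segment falls through
                 to the catch-all block rule. Look at state lifetime/timeouts.
    'midstream': ACK-only segment without state, same root cause as teardown.
    """
    flags = entry["flags"]
    if "S" in flags:
        return "handshake"
    if "F" in flags or "R" in flags:
        return "teardown"
    return "midstream"


def summarize(text):
    """Count blocked packets per (rule number, interface, category)."""
    counts = Counter()
    for e in parse_pflog(text):
        if e["action"] == "block":
            counts[(e["rule"], e["ifname"], classify(e))] += 1
    return counts


if __name__ == "__main__":
    for e in parse_pflog(SAMPLE_LOG):
        if e["action"] == "block":
            print(f"{e['ts']} {e['src']}:{e['sport']} -> {e['dst']}:{e['dport']} "
                  f"flags={e['flags'] or 'ack-only'} -> {classify(e)}")
    for (rule, ifname, cat), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"rule {rule} on {ifname}: {n} {cat}")
```

Feed it `tcpdump -n -e -ttt -r /var/log/pflog` output; the `teardown` and `midstream` buckets are the ones worth matching against a full capture by source port and time, since their rule-7 hits cannot be explained by the pass rule's address or port filter.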
