
any tcp connection not able to survive



Hi everyone,

I really need your help. Earlier I had

http://restricted.dyndns.org/pffw1.txt
http://restricted.dyndns.org/pffw2.txt


My issue is about any TCP connection from an internal machine connecting to an outside machine. I am ssh'ing from 172.16.0.9 (internal machine) to 192.168.1.105 (external machine) without any issues.

Once I remove the LAN cable on the master firewall's external interface, my existing ssh connection is dropped. However, pfctl -s state still shows the connection.

self tcp 192.168.1.105:22 <- 172.16.0.9:2291 ESTABLISHED:ESTABLISHED
self tcp 172.16.0.9:2291 -> 192.168.1.100:64001 -> 192.168.1.105:22 ESTABLISHED:ESTABLISHED


These lines can be seen from both firewalls and they're identical.

My latest pf.conf files are at:

http://restricted.dyndns.org/pfconffw1.txt
http://restricted.dyndns.org/pfconffw2.txt


I have removed tons of lines, but these configs still didn't help.

I also tried telnet and it had the same behavior.

However, if the LAN cable from the master's external interface is not connected and I set up a new ssh connection from the same machines, and then I put the cable back on the master's external interface, ssh is still running fine and ifconfig on the master shows that it's the master in the CARP interface again.

A TCP connection from External->Internal works GREAT though; TCP sessions are not dropped!!!

So can anyone please help me figure out what my issue is?