Re: Default Gateway, PF, BAD State



On Thu, Apr 06, 2006 at 01:15:53AM +1200, Joshua Sandbrook wrote:
> Hello There.
> 
> I've got two OpenBSD gateways:
> 
> 192.168.3.253 +192.168.4.254 - gateway to 192.168.4.0/24 subnet. This 
> obsd box has a default gateway set to 192.168.3.254, and all hosts on 
> the 192.168.4.0/24 subnet have their gateway set to 192.168.4.254. PF 
> turned OFF.
> 
> 192.168.3.254 - gateway to the internet, is set as default gateway for 
> hosts on the 192.168.3.0/24. This box has a route set for 192.168.4.0/24 
> to 192.168.3.253.
> 
> Now then... What happens is when a workstation ( 192.168.3.0/24 hosts ) 
> tries to transfer a file to a host on the 192.168.4.0/24 subnet, it 
> transfers around 60Kb, before it hangs and eventually times out 
> or gets reset. This is with pf turned ON on the 192.168.3.254 box. Rules 
> are to pass out and pass in everything.
> 
> I 'set debug loud' in pf.conf, and in /var/log/messages lots of these 
> types of messages showed up:
> 
> Apr  6 17:21:31 sidb /bsd: pf: BAD state: TCP 192.168.3.222:33085 
> 192.168.3.222:33085 192.168.4.51:22 [lo=2515403070 high=2515336655 
> win=49640 modulator=0] [lo=0 high=49640 win=1 modulator=0] 2:0 A 
> seq=2515403070 ack=0 len=1460 ackskew=0 pkts=64:0 dir=out,fwd
> 
> Now, if I turn pf OFF, everything works fine. And if I manually add a 
> route to a workstation for 192.168.4.0/24 then it also works fine, 
> because it then does not use the 192.168.3.254 gateway to get to 
> 192.168.4.0/24.
> 
> So then... any ideas how to fix this?

No, but the fact that you claim 192.168.3.0/24 can get to 192.168.4.0/24
without going through the router means either one of us is confused or
your network is set up in a rather strange way.

		Joachim