SFTP Access
-
Stephenw10, where would I exclude that site from the load balancing?
johnpoz: Not a name resolution problem, I've done a nslookup and it resolves fine. Will look at the sniffing on the lan to see if I can tell more of what is happening.
Rui
-
I have attached the only floating rule I have in a jpg.
Here is the packet capture from pfsense on the LAN port:
10:41:57.666222 00:22:19:07:47:28 > 00:13:72:0f:57:92, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 13837, offset 0, flags , proto TCP (6), length 52) 192.168.1.23.64669 > 66.179.147.73.22: Flags , cksum 0x9241 (correct), seq 1772273340, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 10:42:00.666022 00:22:19:07:47:28 > 00:13:72:0f:57:92, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 13840, offset 0, flags , proto TCP (6), length 52) 192.168.1.23.64669 > 66.179.147.73.22: Flags , cksum 0x9241 (correct), seq 1772273340, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 10:42:06.666431 00:22:19:07:47:28 > 00:13:72:0f:57:92, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 13844, offset 0, flags , proto TCP (6), length 48) 192.168.1.23.64669 > 66.179.147.73.22: Flags , cksum 0xa650 (correct), seq 1772273340, win 8192, options [mss 1460,nop,nop,sackOK], length 0Not sure exactly what I'm looking at.
-
Well I think the way you posted it caused the lines in the text..
But here
192.168.1.23.64669 > 66.179.147.73.22that is that IP talking to that fqdn you posted sftp.link2gov.com [66.179.147.73] on port 22 or ssh/sftp port.
And here is answer back
192.168.1.23.64669 > 66.179.147.73.22
So clearly pfsense is not blocking the traffic.. Load it up into wireshark and see if your seeing RST come back or something. So I would assume syn, and then syn,ack - but then there is another answer back.. maybe RST?? what does wireshark show?
-
There isn't anything in reply in that capture snippet, only LAN outbound.
Go to Diagnostics>States and filter on that 66.179 IP, what do the states look like?
-
Here is the States Filter results:
tcp 66.179.147.73:22 <- 192.168.1.23:49769 CLOSED:SYN_SENT
tcp 192.168.1.23:49769 -> 100.1.217.93:21780 -> 66.179.147.73:22 SYN_SENT:CLOSED -
I tried 'sticky connections' and excluded that site from the load balancing without any effect.
Rui
-
Is your SFTP server a machine on the LAN? (maybe a dumb question)
Is that all that machine does is SFTP?
which version of pfsense are you using?
-
My bad - you are correct there was no answer back, the lines thru the text must of confused me ;) hehehe
So I would suggest now sniff on the wan - do you not see an answer?
-
So here it is guys. It seems that this particular site does not like a dual WAN firewall. I setup another pfsense box without the dual WAN and I can now access the site right through the firewall.
That's too bad I was really linking the extra bandwith. I will now try to setup CARP so that I can at least have redundancy.
Thanks for all the suggestions and help.
Rui
-
It's almost certainly not the fact it's dual WAN, that site isn't replying to/is blocking the source IP you're sending it out from, or maybe a general connectivity issue for that network. A traceroute might be telling. The states you showed prove it's getting sent out no problem, getting NATed as it appears it should be, but gets no reply back at all.
