-
Hi people, I have a doubt,What does these mean?
*TCP:FA
*TCP:RA
*TCP:RI see some connections blocked where with that info, and they should be passed, on my WAN interface..
I have a NAT rule:
WAN TCP/UDP * * WAN address 80 (HTTP) 10.20.11.3 80 (HTTP) HTTPI get this in logs:
block
Mar 12 09:07:06 WAN 190.23.10.51:10139 10.20.11.3:80 TCP:R
block
Mar 12 08:43:12 WAN 130.120.110.15:52030 10.20.11.3:80 TCP:RA
block
Mar 12 08:43:02 WAN 130.120.110.15:52032 10.20.11.3:80 TCP:FAthanks
-
Look at your :R :FA, etc
Firewall will pass traffic based upon state, if you get a state mismatch then traffic can be blocked. If traffic shows FA,
TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR
Its a Fin Ack - but if firewall does not show correct state for the session then it would block that sort of packet.
if you reboot pfsense, or clear the states then yeah you can see those quite often. Or wireless can happen too if you drop packets and then get packets with wrong state on them, etc.
Common to see such traffic.