Error TCP:FPA TCP:FA block
-
Good afternoon to all my structure is as follows
Pòint A: Pfsense 2.1.5
Point B: 2.1.5
Point A:
WAN Copel IP dinamic
WAN: GVT IP Dinamicpoint B
WAN ip fixed
WAN2 ip fixedOpenVPN Server in Point B and Client Point
Outbound with manual bucause MASQUEREDE
make drop witch packets TCP:FA
Enable Bypass firewall rules for traffic on the same interfaceblock
Apr 1 11:59:00 Direction=OUT ovpns3 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.5:1109 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 192.168.1.16:5060 TCP:A
block
Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
block
Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
block
Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
block
Apr 1 11:59:03 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
block
Apr 1 11:59:05 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA -
Este é um fórum Inglês. Por favor coloque o seu problema no fórum Português, ou usar o Google Translate para converter de Português para Inglês.
This is an English forum. Please post your problem in the Portuguese forum, or use Google Translate to convert from Portuguese to English.
-
I'am edit to English Now Tnks
@KOM:
Este é um fórum Inglês. Por favor coloque o seu problema no fórum Português, ou usar o Google Translate para converter de Português para Inglês.
This is an English forum. Please post your problem in the Portuguese forum, or use Google Translate to convert from Portuguese to English.
-
If I understand your problem, you are concerned about some packets being blocked and you don't understand why? Those packets appear to be out-of-state, and are normal for pfSense. When a connection is closed by one side, the other side will send an ACK packet to say that it received the close request. Since pfSense has already closed the connection, it will drop the packet that acknowledges the connection close request. Since pfSense already considers the state closed, it will reject that ACK packet and log it.
-
Understand, because doing this with almost all packages of VPN, which traffics Squid and Voip and thus falling connection or getting dumb Voip
Is there any way to fix this?
-
If it is out-of-state packets, then you should just ignore them. Are you having some kind of problem that these dropped packets are related to?
-
Yes I am, is losing direct connection Voip and Terminal Server, giving drop in constant 3389 5060 3128
-
I think your problems are not related to these packets. TCP:FA is a FIN ACK, which is acknowledgement of receiving a TCP teardown request. This packet is the most commonly blocked out-of-state packet.
Now, on to your actual problems. I'm not sure if I fully understand you, but I am guessing that you have these two sites connected by OpenVPN, and you say that there is disconnection between the sites? When a disconnection happens, check Status - System Logs - System - General and Gateways.
-
Oowoo
I guess it's a problem
Apr 1 12:47:51 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
Apr 1 12:48:21 apinger: ALARM: WAN_OPTITELGW(8.8.4.4) *** down ***
Apr 1 12:48:25 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
Apr 1 12:51:06 apinger: ALARM: WAN_FASTSIGNALGW(8.8.8.8) *** down ***
Apr 1 12:51:07 apinger: alarm canceled: WAN_FASTSIGNALGW(8.8.8.8) *** down ***
Apr 1 12:51:27 apinger: ALARM: WAN_OPTITELGW(8.8.4.4) *** down ***
Apr 1 12:51:29 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
Apr 1 12:52:14 apinger: SIGHUP received, reloading configuration.
Apr 1 12:52:24 apinger: SIGHUP received, reloading configuration.
Apr 1 13:08:03 apinger: SIGHUP received, reloading configuration.now Estable Gateway This stable now and do not have more drop
-
The problem you are seeing may be related to apinger. Search these forums and you will see a LOT of apinger problems with 2.1.x. This functionality has been improved in pfSense 2.2. You might want to look at upgrading.