TCP:RA when backing up to synology cloud
-
Hi Team,
I have a synology nas that backs up around 150GB overnight to synology c3 clould backup service. During the day there is a different share which is around 1Gb that gets back up fine. During the past 3 days, around 0200 am I started to see the following errors:
May 11 04:22:30 LAN 192.168.30.64:56438 159.100.4.15:443 TCP:FA
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"Now we been using this for over 2 months fine and this started 3 days ago. Nothing has changed on the firewall in the last 3 days nor anything has changed on the network. Pf sense is the latest version.
Can anyone advise please as I am lost as to why this has started to happen. When this happens the backup will consure all the resource of the nas so I need to canel it all together to get it bcak to life.Cheers for the assistance.
rajbps
-
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
While you might have something going on, a FIN:ACK is the normal closing of a TCP connection. Since pfSense initiated the close and considered the state dead, the reply ACK is considered an unsolicited connection attempt and blocked.
-
Such blocks can often show up when your seeing connection issues and retrans where firewall saw fin and closed the state but client or server did not and continue to send retrans of the fins or fin,ack