SYN_SENT:CLOSED & CLOSED:SYN_SENT

laynakail

hello, iam using pfsense as router. and i have set it up, configured it with 4 interfaces , with bgp and all working like a charm.
however some random website are not opening, and checking logs iam recieving CLOSED:SYN_SENT on the ip of the example website. its doing this on 1 of the interface which is NETX3 interface. any help would be much appreciated !
Thnx in avance !

	States	Protocol	Source	Port	Destination	Port	Gateway	Queue	Schedule	Description	Actions

0 /188 KiB

• Reserved
  Not assigned by IANA * * * * * Block bogon networks
  0 /0 B
  IPv4 * NETX3 net * * * * none
  6 /42 KiB
  IPv4+6 ICMP
  echorep, echoreq
• • • • • none
          0 /4 KiB
          IPv4+6 TCP * * NETX 3 address 179 (BGP) * none
          0 /10 KiB
          IPv4 TCP * * 0.0.0.0 443 (HTTPS) * none NAT Switch
          0 /0 B
          IPv4 TCP * * 0.0.0.0 443 (HTTPS) * none NAT Switch
          0 /0 B
          IPv4 TCP * * 0.0.0.0 ( 443 (HTTPS) * none NAT Switch

laynakail

@laynakail said in SYN_SENT:CLOSED & CLOSED:SYN_SENT:

hello, iam using pfsense as router. and i have set it up, configured it with 4 interfaces , with bgp and all working like a charm.
however some random website are not opening, and checking logs iam recieving CLOSED:SYN_SENT on the ip of the example website. its doing this on 1 of the interface which is NETX3 interface. any help would be much appreciated !
Thnx in avance !

  States	Protocol	Source	Port	Destination	Port	Gateway	Queue	Schedule	Description	Actions

0 /188 KiB

• Reserved
  Not assigned by IANA * * * * * Block bogon networks
  0 /0 B
  IPv4 * NETX3 net * * * * none
  6 /42 KiB
  IPv4+6 ICMP
  echorep, echoreq
• • • • • none
          0 /4 KiB
          IPv4+6 TCP * * NETX 3 address 179 (BGP) * none
          0 /10 KiB
          IPv4 TCP * * 0.0.0.0 443 (HTTPS) * none NAT Switch
          0 /0 B
          IPv4 TCP * * 0.0.0.0 443 (HTTPS) * none NAT Switch
          0 /0 B
          IPv4 TCP * * 0.0.0.0 ( 443 (HTTPS) * none NAT Switch

the 0.0.0.0 are my jus for example here

johnpoz

@laynakail said in SYN_SENT:CLOSED & CLOSED:SYN_SENT:

CLOSED:SYN_SENT

That just means the syn was sent, but not reply was received.. I can send a syn anywhere, but if they don't answer the state will never be opened..

Sniff on your outbound traffic when you try and make a connection - you see the syn go out, do you ever see a syn,ack back? from closeds:syn_sent that would be a no..

example... I try and open connect to say 1.1.1.1 on port 666..

So pfsense sent the syn trying to connect to 1.1.1.1 on port 666.. But no answer.. So the states are closed:syn_sent

Here is sniff showing syns being sent - but nothing coming back.

Also vs posting some ascii art, how about a screenshot of what your trying show.. Are those suppose to be your wan rules? Show them in a simple screenshot.. .So much easier to decipher

If those are you wan rules - they have nothing to do with talking to some website.. Those would only be port forwards to something inside your network or allowing traffic direct to pfsense wan IP, or allowing something through to a routed public network, etc. I assume its your wan because you look to have bogon on there..