Netgate Discussion Forum

    Issues in packet flow

    • gaboche

      Hi,

      I will try to explain my issue briefly.

      I have an infrastructure with a pfSense on the edge acting as firewall and reverse proxy.

      An application is accessible on the WAN address (A.A.A.A) with a specific port (ppp).

      Firewall side: a floating rule allows access on A.A.A.A:ppp for some specific networks (IPv4 network of my 4G provider).

      HAProxy side: a frontend listens on A.A.A.A:ppp with an ACL matching the hostname of the application, and a backend sends it to the designated server.

      This has worked fine for a few years.

      Except that since Monday I've found a few (four for now) IPs in a /10 network of my provider presenting an issue.

      For these few addresses I have the following issue:
      Firewall side: traffic logged, PASS
      HAProxy side: nothing

      A few tests I have done show:

      • killing the ACL on the frontend of HAProxy changes nothing
      • at the same time, other similar addresses work fine
      • from the same source IP on another port, the packet is handled by HAProxy
      • if I make a port forward rule to redirect the packet to localhost on another port and create the appropriate HAProxy frontend, the packet is not handed to HAProxy

      So it seems that this specific source IP/destination port pair is not handed to the proxy.

      My question is:
      which process between the firewall and HAProxy can throw away this packet?

      Since Monday I've even been dreaming of this issue; I've done more tests than written here (and even dreamed some more).
      If someone can offer some help, for my mental health's sake...

      Thank you
