5. IRC disconnections due to fragment reassemble

IRC disconnections due to fragment reassemble

  • H

    Hi,

    Since a week or so im using Pfsense in a production environement and i'm encountering a serious issue
    im using Pfsense to shield my windows vps server (both hosted on esxi5) with NAT enabled

    users are connecting to irc (port 6667) fine, however sometimes this occurs, and the user is disconnected:

    block
    Aug 9 15:46:30 WAN xx.xx.96.234:55220 192.168.10.100:6667 TCP:RA
    block
    Aug 9 15:46:14 WAN xx.xx.96.234:55220 192.168.10.100:6667 TCP:PA
    (goes on 10 times more)

    after this the user reconnects without any further problems
    when i click on more details, this shows up:

    The rule that triggered this action is:

    @1 scrub in on em1 all fragment reassemble
    @1 block drop in log all label "Default deny rule"

    i found an old topic discussing snapshot 2.0, however im running the latest version of pfsense.

    is there a workaround or can this be fixed in an update?

    Stefan

    edit1:
    version pfsense:
    2.0.1-RELEASE (i386)
    built on Mon Dec 12 17:53:52 EST 2011
    FreeBSD 8.1-RELEASE-p6

    0
  • Rebel Alliance Developer Netgate

    That doesn't have anything to do with fragment reassemble, it just also happens to match the rule number that blocked it, 1.

    http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy