Static Route + Firewall Problem



  • Hi guys,

    I read a lot of things here, but didn't work for me.

    My current version: 2.0.3-RELEASE (amd64)
    2 NIC (WAN + LAN)
    2 Gateways

    WAN - pppoe
    LAN - 10.0.0.0/24
    default gateway - dynamic by WAN
    vpn gateway - 10.0.0.240

    static routes:
    172.27.254.0/24
    10.10.14.0/24

    what works:

    • Internet  OK
    • Ping my static routes OK
    • Access static routes OK (browser, ssh)

    problems encountered:
    if I use the the pfsense my default gateway, my connection to client vpn (10.0.0.240) drops every 200KB
    I can't commit to a SVN, use SCP from linux or Filezilla…

    what I've done

    • check "Bypass firewall rules for traffic on the same interface" but nothing happens
    • when I "pfctl -d" all works fine (like Disable Filters on Advanced page) but I need the firewall

    SCP with firewall ON (the transfer stop  ~200kb)

    10:20:20.328499 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [s], seq 2663523693, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
    10:20:20.328604 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [s], seq 2663523693, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
    10:20:20.328630 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 60
    10:20:20.345278 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 329830141, win 32768, length 0
    10:20:20.345308 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 1, win 32768, length 0
    10:20:20.345325 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:20:20.387924 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
    10:20:20.387957 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
    10:20:20.388424 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
    10:20:20.388446 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
    10:20:20.424078 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
    10:20:20.424117 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
    10:20:20.487749 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
    10:20:20.487788 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
    10:20:20.567467 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
    10:20:20.567520 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
    10:20:20.567677 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
    10:20:20.567687 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
    10:20:20.587388 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
    10:20:20.587409 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
    10:20:20.606277 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
    10:20:20.606301 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
    10:20:20.636186 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
    10:20:20.636217 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
    10:20:20.654028 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
    10:20:20.654052 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
    10:20:20.654221 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
    10:20:20.654230 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
    10:20:20.677838 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
    10:20:20.677861 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
    10:20:20.865714 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
    10:20:20.865735 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
    10:20:20.886146 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
    10:20:20.886166 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
    10:20:20.904182 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
    10:20:20.904205 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
    10:20:20.923463 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
    10:20:20.923495 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
    10:20:20.941057 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
    10:20:20.941073 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
    10:20:20.958715 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
    10:20:20.958738 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
    10:20:20.976117 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
    10:20:20.976137 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
    10:20:21.038788 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
    10:20:21.038831 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
    10:20:21.059559 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
    10:20:21.059582 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
    10:20:21.076978 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
    10:20:21.076994 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
    10:20:21.152443 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
    10:20:21.152464 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
    10:20:26.045553 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
    10:20:26.045571 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
    10:20:26.067247 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
    10:20:26.067264 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
    10:20:26.104566 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.104586 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.104930 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.104943 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105189 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105201 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105305 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105317 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105422 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.105431 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.175292 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.175313 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.175966 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.175978 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.176201 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.176212 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.176706 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.176718 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:20:26.177681 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    
    SCP with firewall off
    [code]10:24:26.589689 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [s], seq 3841722664, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
    10:24:26.589698 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [s], seq 3841722664, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
    10:24:26.589706 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 60
    10:24:26.605976 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 432157001, win 32768, length 0
    10:24:26.605986 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 1, win 32768, length 0
    10:24:26.605995 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.648540 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
    10:24:26.648549 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
    10:24:26.648557 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.649499 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
    10:24:26.649507 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
    10:24:26.649514 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.678233 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
    10:24:26.678239 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
    10:24:26.678247 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.745263 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
    10:24:26.745271 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
    10:24:26.745279 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.822460 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
    10:24:26.822469 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
    10:24:26.822477 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.822653 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
    10:24:26.822659 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
    10:24:26.822665 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.842685 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
    10:24:26.842694 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
    10:24:26.842701 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:26.860447 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
    10:24:26.860455 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
    10:24:26.860463 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.047968 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
    10:24:27.047982 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
    10:24:27.047990 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.066237 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
    10:24:27.066255 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
    10:24:27.066269 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.066452 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
    10:24:27.066459 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
    10:24:27.066465 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.096770 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
    10:24:27.096779 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
    10:24:27.096787 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.256835 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
    10:24:27.256845 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
    10:24:27.256853 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.279246 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
    10:24:27.279255 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
    10:24:27.279262 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.296835 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
    10:24:27.296844 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
    10:24:27.296852 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.320146 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
    10:24:27.320158 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
    10:24:27.320167 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.337792 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
    10:24:27.337801 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
    10:24:27.337807 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.355334 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
    10:24:27.355341 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
    10:24:27.355347 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.372934 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
    10:24:27.372942 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
    10:24:27.372949 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.425040 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
    10:24:27.425049 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
    10:24:27.425058 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.447112 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
    10:24:27.447123 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
    10:24:27.447131 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.465107 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
    10:24:27.465116 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
    10:24:27.465123 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:27.532881 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
    10:24:27.532891 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
    10:24:27.532899 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.025766 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
    10:24:32.025775 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
    10:24:32.025782 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.044769 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
    10:24:32.044778 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
    10:24:32.044784 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.063724 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.063734 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.063741 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.064060 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064067 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064073 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.064215 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064223 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064228 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.064380 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064385 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064391 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.064632 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064639 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.064645 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.104583 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.104592 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.104600 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
    10:24:32.104971 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    10:24:32.104978 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
    
    my route table
    [code]Routing tables
    
    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            177.133.132.1.dyna UGS         0   252811 pppoe0
    10.0.0.0           link#1             U           0 43554023    em0
    fw01               link#1             UHS         0        3    lo0
    10.10.254.0        10.0.0.240         UGS         0        0    em0
    localhost          link#5             UH          0   107860    lo0
    140.85.0.0         10.0.0.240         UGS         0        1    em0
    172.27.254.0       10.0.0.240         UGS         0    59979    em0
    177.133.132.1.dyna link#9             UH          0     4987 pppoe0
    186.215.235.182.st link#9             UHS         0       10    lo0
    [/code]
    
    sorry for my poor English
    
    [/s][/s][/code][/s][/s]
    

  • Rebel Alliance Developer Netgate

    You probably need to check System > Advanced, Firewall Tab, "Bypass firewall rules for traffic on the same interface"


Log in to reply