• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Error TCP:FPA TCP:FA block

Scheduled Pinned Locked Moved Routing and Multi WAN
10 Posts 2 Posters 3.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    klaos
    last edited by Apr 1, 2015, 3:34 PM Apr 1, 2015, 3:03 PM

    Good afternoon to all my structure is as follows

    Pòint A: Pfsense 2.1.5

    Point B: 2.1.5

    Point A:
    WAN Copel IP dinamic
    WAN: GVT IP Dinamic

    point B
    WAN ip fixed
    WAN2 ip fixed

    OpenVPN Server in Point B and Client Point

    Outbound with manual bucause MASQUEREDE

    make  drop witch packets TCP:FA
    Enable  Bypass firewall rules for traffic on the same interface

    block
    Apr 1 11:59:00 Direction=OUT ovpns3 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.5:1109 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.1.16:5060 TCP:A
    block
    Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
    block
    Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
    block
    Apr 1 11:59:01 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
    block
    Apr 1 11:59:03 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA
    block
    Apr 1 11:59:05 Direction=OUT ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.2.30:50369 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.1.28.11:3389 TCP:PA

    1 Reply Last reply Reply Quote 0
    • K
      KOM
      last edited by Apr 1, 2015, 3:27 PM

      Este é um fórum Inglês. Por favor coloque o seu problema no fórum Português, ou usar o Google Translate para converter de Português para Inglês.

      This is an English forum.  Please post your problem in the Portuguese forum, or use Google Translate to convert from Portuguese to English.

      1 Reply Last reply Reply Quote 0
      • K
        klaos
        last edited by Apr 1, 2015, 3:33 PM

        I'am edit to English Now Tnks

        @KOM:

        Este é um fórum Inglês. Por favor coloque o seu problema no fórum Português, ou usar o Google Translate para converter de Português para Inglês.

        This is an English forum.  Please post your problem in the Portuguese forum, or use Google Translate to convert from Portuguese to English.

        1 Reply Last reply Reply Quote 0
        • K
          KOM
          last edited by Apr 1, 2015, 5:33 PM

          If I understand your problem, you are concerned about some packets being blocked and you don't understand why?  Those packets appear to be out-of-state, and are normal for pfSense.  When a connection is closed by one side, the other side will send an ACK packet to say that it received the close request.  Since pfSense has already closed the connection, it will drop the packet that acknowledges the connection close request.  Since pfSense already considers the state closed, it will reject that ACK packet and log it.

          1 Reply Last reply Reply Quote 0
          • K
            klaos
            last edited by Apr 1, 2015, 5:38 PM

            Understand, because doing this with almost all packages of VPN, which traffics Squid and Voip and thus falling connection or getting dumb Voip

            Is there any way to fix this?

            1 Reply Last reply Reply Quote 0
            • K
              KOM
              last edited by Apr 1, 2015, 5:47 PM

              If it is out-of-state packets, then you should just ignore them.  Are you having some kind of problem that these dropped packets are related to?

              1 Reply Last reply Reply Quote 0
              • K
                klaos
                last edited by Apr 1, 2015, 5:54 PM

                Yes I am, is losing direct connection Voip and Terminal Server, giving drop in constant 3389 5060 3128

                1 Reply Last reply Reply Quote 0
                • K
                  KOM
                  last edited by Apr 1, 2015, 6:20 PM

                  I think your problems are not related to these packets.  TCP:FA is a FIN ACK, which is acknowledgement of receiving a TCP teardown request.  This packet is the most commonly blocked out-of-state packet.

                  Now, on to your actual problems.  I'm not sure if I fully understand you, but I am guessing that you have these two sites connected by OpenVPN, and you say that there is disconnection between the sites?  When a disconnection happens, check Status - System Logs - System - General and Gateways.

                  1 Reply Last reply Reply Quote 0
                  • K
                    klaos
                    last edited by Apr 1, 2015, 6:30 PM

                    Oowoo

                    I guess it's a problem

                    Apr 1 12:47:51 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
                    Apr 1 12:48:21 apinger: ALARM: WAN_OPTITELGW(8.8.4.4) *** down ***
                    Apr 1 12:48:25 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
                    Apr 1 12:51:06 apinger: ALARM: WAN_FASTSIGNALGW(8.8.8.8) *** down ***
                    Apr 1 12:51:07 apinger: alarm canceled: WAN_FASTSIGNALGW(8.8.8.8) *** down ***
                    Apr 1 12:51:27 apinger: ALARM: WAN_OPTITELGW(8.8.4.4) *** down ***
                    Apr 1 12:51:29 apinger: alarm canceled: WAN_OPTITELGW(8.8.4.4) *** down ***
                    Apr 1 12:52:14 apinger: SIGHUP received, reloading configuration.
                    Apr 1 12:52:24 apinger: SIGHUP received, reloading configuration.
                    Apr 1 13:08:03 apinger: SIGHUP received, reloading configuration.

                    now Estable Gateway This stable now and do not have more drop

                    1 Reply Last reply Reply Quote 0
                    • K
                      KOM
                      last edited by Apr 1, 2015, 6:48 PM

                      The problem you are seeing may be related to apinger.  Search these forums and you will see a LOT of apinger problems with 2.1.x.  This functionality has been improved in pfSense 2.2.  You might want to look at upgrading.

                      1 Reply Last reply Reply Quote 0
                      1 out of 10
                      • First post
                        1/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received