On Wed, 12 Sep 2012 14:49:31 +0300 Theodor-Iulian Ciobanu <[email protected]> wrote:
> > Add a -e to your tcpdump and see what MAC is sourcing that RST. > > That's the source of your issue, and based on your description, it > > has nothing to do with the firewall (if you're getting a RST on the > > server that you don't see on the firewall, something other than the > > firewall or the client has to be sending it). > > I already checked, the MAC is that of the firewall, although it > doesn't show in the dump. Then, there's the case of the openssh > banner that does show up in tcpdump on pfsense but doesn't make it to > the client. As suspected, it was a trivial and so obvious mistake that I kept missing it - a routing error, the WAN interface had the wrong gateway set, which was sending the RST when faced with an established TCP connection it knew nothing about. I couldn't really tell why it worked in 1.0.1. I'm guessing the gateway option for an interface was a later addition and until then it was using just the default gateway setting, or the other way around. My apologies for all the noise. Great product! -- Theo _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
