Re: Default Gateway, PF, BAD State

Tue, 18 Apr 2006 12:48:45 -0700 

On Tue, Apr 18, 2006 at 10:08:45AM -0700, Greg Thomas wrote:
> On 4/6/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > On Thu, Apr 06, 2006 at 01:15:53AM +1200, Joshua Sandbrook wrote:
> > > Hello There.
> > >
> > > Ive got two openbsd gateways:
> > >
> > > 192.168.3.253 +192.168.4.254 - gateway to 192.168.4.0/24 subnet. this
> > > obsd box has a default gateway set to 192.168.3.254, and all hosts on
> > > the 192.168.4.0/24 subnet have their gateway set to 192.168.4.254. PF
> > > turned OFF.
> > >
> > > 192.168.3.254 - gateway to the internet, is set as default gateway for
> > > hosts on the 192.168.3.0/24. This box has a route set for 192.168.4.0/24
> > > to 192.168.3.253.
> > >
> > > Now then... What happens is when a workstation ( 192.168.3.0/24 hosts )
> > > trys to transfer a file to a host on the 192.168.4.0/24 subnet, it
> > > transfers around 60Kb, before it hangs and starts eventually times out
> > > or gets reset. This is with pf turned ON on the 192.168.3.254 box. Rules
> > > are to pass out and pass in everything.
> > >
> > > I 'set debug loud' in pf.conf, and in /var/log/messages lots of these
> > > types of messages showed up:
> > >
> > > Apr  6 17:21:31 sidb /bsd: pf: BAD state: TCP 192.168.3.222:33085
> > > 192.168.3.222:33085 192.168.4.51:22 [lo=2515403070 high=2515336655
> > > win=49640 modulator=0] [lo=0 high=49640 win=1 modulator=0] 2:0 A
> > > seq=2515403070 ack=0 len=1460 ackskew=0 pkts=64:0 dir=out,fwd
> > >
> > > Now, if I turn pf OFF, everything works fine. And if I manually add a
> > > route to a workstation for 192.168.4.0/24 then it also works fine,
> > > because it then does not use the 192.168.3.254 gateway to get to
> > > 192.168.4.0/24.
> > >
> > > So then... any ideas how to fix this?
> >
> > No, but the fact that you claim 192.168.3.0/24 can get to 192.168.4.0/24
> > without going through the router means either one of us is confused or
> > your network is set up in a rather strange way.
> >
> 
> The way I read it is:
> 
> 192.168.4.0 <-> 192.168.4.254(router)192.168.3.253 <-> 192.168.3.0 <->
> 192.168.3.254(router)public_ip <-> Internet

That makes sense. Still, the OP doesn't seem in a hurry to get his
answers - I'd forgotten about this thread - so he's presumably solved
his problem...

Plus, I anticipate debugging this will require more information and lots
of time. And will likely end up pointing to bad hardware or somesuch.

                Joachim

Reply via email to