 From:  Pascal Gaudette <pascal underscore gaudette at yahoo dot ca>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Why am I blocking legitimate packets?
 Date:  Wed, 26 Apr 2006 10:21:19 -0400 (EDT)
Hi all,

"Chris Buechler" <cbuechler at gmail dot com> wrote:
> 
> It's always been happening and you just now noticed
> it.
>
> http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html
> 

Argh. Sorry for asking about something in the FAQ. 
But couldn't seeing _many_ of these duplicates be a
symptom of other problems?

I'm also surprised to see blocked *outbound* duplicates. 
For inbound, I can see that since m0n0's state engine
is the only thing allowing these return packets
through, any duplicates will wind up on a rule that
says "block".  But for outbound, if my computer
decides it needs to resend a packet, why should m0n0
block it when the only rule I have on that interface
is to allow anything through? If my computer's
resending packets, wouldn't it be because these
packets haven't been acked by the server? Why else
would it resend the same packet so many times?

13:12:25.258772 xl0 @0:22 b 10.0.1.101,59002 -> 62.2.215.148,80 PR tcp len 20 40 -AF IN

Dunno, these weird log entries are the only thing I've
got to go on in trying to troubleshoot a suddenly very
flaky connection...  Again, sorry for asking about
something in the FAQ.

--
Pascal Gaudette <pascal underscore gaudette at yahoo dot ca>
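
Added example (not part of the original message, and not m0n0wall code): a small Python parser for filter log entries like the one quoted above, which groups blocked FIN/RST segments by connection so that repeats of one teardown packet can be told apart from other blocked traffic. The field layout in the regex is assumed from the quoted entry, and every SAMPLE entry after the first is constructed.

```python
import re
from collections import Counter

# Assumed TCP entry layout: time iface @group:rule action src,port -> dst,port
# PR tcp len <IP header bytes> <total bytes> -<flags> <direction>
LINE_RE = re.compile(
    r"(?P<time>[\d:.]+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR tcp len (?P<hlen>\d+) (?P<plen>\d+) -(?P<flags>[A-Z]+) (?P<dir>IN|OUT)"
)
FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def parse_entries(text):
    """Yield one dict per TCP log entry. Whitespace is collapsed first so
    entries that a mail client wrapped across two lines still match."""
    for m in LINE_RE.finditer(" ".join(text.split())):
        rec = m.groupdict()
        rec["flags"] = frozenset(FLAGS.get(c, c) for c in rec["flags"])
        rec["tcp_bytes"] = int(rec["plen"]) - int(rec["hlen"])
        yield rec

def is_teardown(rec):
    """Blocked segment with FIN or RST, no SYN, and only a bare 20-byte TCP header."""
    f = rec["flags"]
    return (rec["action"] == "b" and "SYN" not in f
            and bool(f & {"FIN", "RST"}) and rec["tcp_bytes"] == 20)

def teardown_repeats(text):
    """Count blocked teardown segments per (iface, dir, src, sport, dst, dport)."""
    counts = Counter()
    for rec in parse_entries(text):
        if is_teardown(rec):
            counts[(rec["iface"], rec["dir"], rec["src"],
                    rec["sport"], rec["dst"], rec["dport"])] += 1
    return counts

# First entry is the one from the message (wrapped across two lines, as mail
# clients do); the remaining entries are constructed for this example.
SAMPLE = """\
13:12:25.258772 xl0 @0:22 b 10.0.1.101,59002 ->
62.2.215.148,80 PR tcp len 20 40 -AF IN
13:12:26.301114 xl0 @0:22 b 10.0.1.101,59002 -> 62.2.215.148,80 PR tcp len 20 40 -AF IN
13:12:28.412907 xl0 @0:22 b 10.0.1.101,59002 -> 62.2.215.148,80 PR tcp len 20 40 -AF IN
13:12:30.000351 xl0 @0:22 b 10.0.1.101,59010 -> 62.2.215.148,80 PR tcp len 20 60 -S IN
"""

if __name__ == "__main__":
    for key, n in teardown_repeats(SAMPLE).items():
        print(n, key)
```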
